Trying to configure a device admin policy set for TACACS plus, using RSA to authenticate. I can get the Authentication to work and I see ISE talking to RSA in the tacacs logs and authenticating ok, however the authorization fails and says there is no user in the selected identity store. How can I configure the authorization part of the policy?
Kindly download the complete report for working and non-working scenario and attach it as just screenshots of the report will not help much. Also attach the complete authentication and authorization policy details for matching policy.
Hi, The tacacs reports do not give you any detailed information. Only a CSV outlining the attempts and if they failed or passed. Is there a way I can download the the detailed report?
Also, just to add, this does not happen if I use AD as the external ID source. Only when using RSA, so maybe a symptom of using RSA as the external ID source, as it doesn't share the username with ISE, unlike AD?
Thankyou for your time on this. Changing this setting has allowed to me successfully log onto a Cisco device now using RSA, without needing to use the advanced "continue" if user not found option! Many thanks.
