Solved: Cisco ISE dot1x & Active Directory Authentication

Nick Mavrou · ‎10-13-2022

Hi team,

I have a quick question regarding the AD authentication and the way how ISE does authenticate users from AD. So far I see, it is based on AD groups. Is it a way to set up a policy/condition for a specific user in a group instead of allowing all the users of the specified group to authenticate?

Many thanks

Rob Ingram · ‎10-14-2022

@Nick Mavrou you authenticate to an identity store (AD/LDAP etc), you then have to authorise, which is generally an AD group or if required you can define a specific AD username. In the authorisation rule you can use the condition "Network Access Username EQUALS <username>"

View solution in original post

Rob Ingram · ‎10-14-2022

@Nick Mavrou you authenticate to an identity store (AD/LDAP etc), you then have to authorise, which is generally an AD group or if required you can define a specific AD username. In the authorisation rule you can use the condition "Network Access Username EQUALS <username>"

Nick Mavrou · ‎10-14-2022

@Rob Ingram Sweet thank you very much sir. Much appreciate!

NM