Cisco ISE user mapping
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-08-2016 08:44 AM - edited 03-10-2019 11:50 PM
Hello,
I am going to install Cisco ISE in our network and I'm curious if there is a way to manipulate usernames? My Active Directory is using usernames in format Axxxxx eg A15109 and I'd like my users to be able to get into switches & routers using name.surname format which then will be converted to Axxxxx and passed to AD for authentication?
The reason behind it is that I'd like to see who is logged into a device and these Axxxx numbers are not very readable... also, I'd prefer to see a different format in logs so I don't have to "translate" Axxxx to name&surname all the time... any ideas?
Cheers for any help!
- Labels:
-
AAA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-13-2016 05:58 PM
Hi there, I believe you can do this with the "Identity Rewrite" function in ISE. Go to:
Administration > Identity Management > External Identity Sources > Your AD > Advanced Settings > Identity Rewrite.
Also, as a side note, it is always recommended that you use local admin/password for device administration and not AD ones. That way, if your AD controller gets compromised, your network administration would still be secured.
I hope this helps!
Thank you for rating helpful posts!
