
Conditions in Policy Sets

Good afternoon team
 
There is currently a Posture implementation with client, but the directory has many domains, it is not a single domain.
 
Example PERA\ carlos.perez
MICROSOFT\ john.smith
Etc
How can I get it to only take users from a specific domain under the conditions in the policy set, which should be by Radius-user-name? It can be used as follows: any user coming from the MICROSOFT domain.
 
 

Arne Bier
VIP

Unfortunately ISE doesn't retrieve this attribute for an AD object - but you can tell ISE to do so, as follows. And I am no AD expert, but I think what you're looking for might be found in the userPrincipalName - e.g. in my lab my UPN is netadmin-ab@nrlab.local - the AD domain is rnlab.local - there are other attributes such as the distinguishedName which also contains the AD in another format - e.g. DC=rnlab,DC=local

The method below will import the AD Attribute Name into ISE, so you can use it in your Policy Sets. You can give ISE an example username so that it can present a list for you - then you select the attributes you want:

ArneBier_0-1728513763565.png

Click OK and then Save.

You will then see this attribute in the Policy Set

ArneBier_1-1728513936409.png

 

Maybe this would suffice then:

ArneBier_2-1728513982815.png
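The three identity formats mentioned in this thread (DOMAIN\user in the RADIUS User-Name, userPrincipalName, distinguishedName) carry the domain in different places. The sketch below is an added example, not part of the original posts and not ISE configuration: it extracts the domain from each format and compares it exactly, which is the behaviour a domain condition should have. The function names, the OU in the sample DN and the allow-list values are assumptions made for illustration.

```python
import re

# Constructed sample identities in the formats discussed in this thread.
SAMPLES = [
    "MICROSOFT\\john.smith",                       # DOMAIN\user (RADIUS User-Name)
    "netadmin-ab@nrlab.local",                     # userPrincipalName
    "CN=netadmin-ab,OU=Admins,DC=rnlab,DC=local",  # distinguishedName (OU is constructed)
]

def extract_domain(identity):
    """Return (format, domain) with the domain lower-cased, or ("unknown", "")."""
    identity = identity.strip()
    # distinguishedName: join the DC= components into a DNS-style name.
    dcs = re.findall(r"(?:^|,)\s*DC=([^,]+)", identity, flags=re.IGNORECASE)
    if dcs:
        return "dn", ".".join(d.strip().lower() for d in dcs)
    # DOMAIN\user: the NetBIOS domain is everything before the first backslash.
    if "\\" in identity:
        domain, _, user = identity.partition("\\")
        if domain.strip() and user.strip():
            return "netbios", domain.strip().lower()
    # user@domain: the UPN suffix is everything after the last '@'.
    if "@" in identity:
        user, _, domain = identity.rpartition("@")
        if user.strip() and domain.strip():
            return "upn", domain.strip().lower()
    return "unknown", ""

def is_allowed(identity, allowed_domains):
    """Exact, case-insensitive domain match. A substring or prefix test would
    also accept look-alike domains such as MICROSOFT2 or NOTMICROSOFT."""
    fmt, domain = extract_domain(identity)
    return fmt != "unknown" and domain in {d.lower() for d in allowed_domains}

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", extract_domain(s), is_allowed(s, {"MICROSOFT"}))
```

The NetBIOS name (MICROSOFT) and the DNS-style name taken from a UPN or DN are different strings, so the allow-list has to hold the form that matches the attribute being compared.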