Configure Maximum Concurrent User Sessions on ISE 2.2

priyadve
Level 1

I would want to know whether the configuration of maximum concurrent user sessions is available for an external identity source (Active Directory).

In reference to the below link, my understanding is this option is right now available on ISE internal users alone and is not available for External:

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-22/204463-Configure-Maximum-Concurrent-User-Sessio.html

1) Do we have any limitation with maximum concurrent users using an external identity source?

2) Has any enhancement request been raised for this configuration with ISE 2.3?

I see with ISE 2.3 as well we have this issue.

1 Accepted Solution

Craig Hyps
Level 10

Maximum users internal or external to ISE is not related to the maximum concurrent sessions. Regardless of how many users or devices may be stored inside or outside ISE, max sessions is the number that can have active connections at any one time to a specific PSN or to the overall deployment. For example, ISE can store 1.5M endpoints in its database, but only 500k may have active sessions at one time. Similarly, there may be millions of users in an AD or LDAP store, but only 500k can be connected and have an active session to ISE at any one point in time. This also means that over the course of a day, we may have many more than 500k users/devices that authenticate to ISE, but the limit is point in time. Some competitors rate their sizing based on daily connections, not concurrent, and attempt to claim similar or higher scaling. This logic is flawed since ISE could authenticate many millions in a 24-hr period. Hope that clarifies.

Craig
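
The difference between point-in-time concurrency and daily totals described in the answer above, as an added example that is not part of the original thread and is not Cisco code: it computes the peak concurrent sessions per PSN and for the whole deployment from accounting-style Start/Stop records. The record layout, the sample data and the `session_stats` helper are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (time "HH:MM", event, session id, user, PSN) tuples
# shaped like RADIUS accounting Start/Stop records. Not real ISE log output.
RECORDS = [
    ("08:00", "Start", "s1", "alice", "psn1"),
    ("08:05", "Start", "s2", "bob",   "psn1"),
    ("08:30", "Start", "s3", "carol", "psn2"),
    ("09:00", "Stop",  "s1", "alice", "psn1"),
    ("09:00", "Start", "s4", "dave",  "psn1"),
    ("12:00", "Stop",  "s2", "bob",   "psn1"),
    ("12:10", "Stop",  "s3", "carol", "psn2"),
    ("13:00", "Start", "s5", "erin",  "psn2"),
    ("13:30", "Stop",  "s4", "dave",  "psn1"),
    ("17:00", "Start", "s6", "alice", "psn2"),
    ("18:00", "Stop",  "s5", "erin",  "psn2"),
    ("18:30", "Stop",  "s6", "alice", "psn2"),
]

def minutes(hhmm):
    h, m = hhmm.split(":")
    return int(h) * 60 + int(m)

def session_stats(records):
    """Return (distinct users seen, deployment peak, per-PSN peak)."""
    # Sort by time; at equal timestamps process Stop before Start so a
    # session ending at 09:00 is not counted alongside one starting at 09:00.
    ordered = sorted(records, key=lambda r: (minutes(r[0]), r[1] != "Stop"))
    active = {}                      # session id -> PSN holding the session
    per_psn = defaultdict(int)       # currently active sessions per PSN
    peak_psn = defaultdict(int)      # highest value each PSN ever reached
    peak_total = 0
    users = set()
    for _, event, sid, user, psn in ordered:
        if event == "Start":
            users.add(user)
            if sid not in active:    # ignore a duplicate Start
                active[sid] = psn
                per_psn[psn] += 1
        elif event == "Stop" and sid in active:   # ignore Stop without Start
            per_psn[active.pop(sid)] -= 1
        peak_total = max(peak_total, len(active))
        for p, n in per_psn.items():
            peak_psn[p] = max(peak_psn[p], n)
    return len(users), peak_total, dict(peak_psn)
```

On the sample data, five distinct users authenticate over the day, yet no more than three sessions are ever active at once, which is the figure a concurrent-session limit is measured against.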