11-15-2016 01:20 AM
Hello team,
With Rest API 2.0, is there any way to create an internal user with attribute of SuspendTime?
In GUI of ISE, we only see the Disable option for internal users, but didn't see SuspendTime option for internal users.
Thanks,
-David
11-15-2016 02:24 PM
Hi,
Did you check the ISE 2.1 Rest API documentation?
If this is a new feature ask, please work through your partner or Cisco Sales to reach out to the business unit.
Thanks
Krishnan
11-15-2016 02:48 PM
Hi Krishnan,
Thanks for the information.
I've checked the API 2.1 you mentioned, which only tells something about Suspend on Guest Users, instead of Internal Users.
My customer is using ISE 2.0,and they would like to use the attribute of SuspendTime to disable some internal users, but there is no detailed information about how to use it.
Attached please find the screenshot.
Appreciate any advice.
-David
11-16-2016 06:00 AM
For starters, make sure you are running more current version as I do not see endpoint purge menu option added in ISE 1.2. If not running ISE 1.4 or higher, your deployment is at risk due to lack of software support.
Secondly, the version you are running also exposes internal attributes not available for modification. We have updated list in later releases (ISE 2.1+) to only reflect those parameters that can be viewed/maintained via Internal User record or custom attributes.
I suspect SuspendTime is tied to Password Policy and suspension due to consecutive login failures. This is not something you can control since happens as an automatic consequence of password policy enforcement.
ISE 2.1 introduces Account Expiry which could be use to expire account, or enable/disable account. Both are controllable via API as well as admin UI.
"enabled" : true,
"expiryDateEnabled" : false,
"expiryDate" : "2016-12-11",
/Craig
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide