Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
885
Views
1
Helpful
3
Replies

Create Internal User with Suspend Time using API

Qingwei Wu
Cisco Employee
Cisco Employee

‎11-15-2016 01:20 AM

Hello team,

With Rest API 2.0, is there any way to create an internal user with attribute of SuspendTime?

In GUI of ISE, we only see the Disable option for internal users, but didn't see SuspendTime option for internal users.

Thanks,

-David

0 Helpful
3 Replies 3

kthiruve
Cisco Employee
Cisco Employee

‎11-15-2016 02:24 PM

Hi,

Did you check the ISE 2.1 Rest API documentation?

Cisco Identity Services Engine API Reference Guide, Release 2.1 - External RESTful Services Calls [Cisco Identity Servic…

If this is a new feature ask, please work through your partner or Cisco Sales to reach out to the business unit.

Thanks

Krishnan

0 Helpful

Qingwei Wu
Cisco Employee
Cisco Employee
In response to kthiruve

‎11-15-2016 02:48 PM

Hi Krishnan,

Thanks for the information.

I've checked the API 2.1 you mentioned, which only tells something about Suspend on Guest Users, instead of Internal Users.

My customer is using ISE 2.0,and they would like to use the attribute of SuspendTime to disable some internal users, but there is no detailed information about how to use it.

Attached please find the screenshot.

Appreciate any advice.

-DavidSuspendTime.png

0 Helpful

Craig Hyps
Level 10
Level 10
In response to Qingwei Wu

‎11-16-2016 06:00 AM

For starters, make sure you are running more current version as I do not see endpoint purge menu option added in ISE 1.2.  If not running ISE 1.4 or higher, your deployment is at risk due to lack of software support. 

Secondly, the version you are running also exposes internal attributes not available for modification.  We have updated list in later releases (ISE 2.1+) to only reflect those parameters that can be viewed/maintained via Internal User record or custom attributes.

I suspect SuspendTime is tied to Password Policy and suspension due to consecutive login failures.  This is not something you can control since happens as an automatic consequence of password policy enforcement.

ISE 2.1 introduces Account Expiry which could be use to expire account, or enable/disable account.  Both are controllable via API as well as admin UI.

     "enabled" : true,

     "expiryDateEnabled" : false,

     "expiryDate" : "2016-12-11",

/Craig

Customers Also Viewed These Support Documents