Showing results for 
Search instead for 
Did you mean: 

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

Anukalp S

CWA Auth for specific AD group

Hi. i have setup CWA auth on ISE for our wireless corporate users so that they could connect on wifi using their AD credentials. Everything is setup on WLC and ISE side and it is also working but problem is all AD users are able to login though we want to give access to specific group in AD, i have also setup same in authorization rule but still it is not working. Please suggest , see below auth rule where i have allowed only "information technology" group users but all AD users are able to login.




Arne Bier
VIP Advisor

I don't think this is possible.  Would be nice though.  The more I think about it, the more I would like to see a Policy Set type of logic for the Portal Authentication - all the logic is tied up in menu options, which is not very flexible.


Have you asked this question over at ?  The ISE TME's usually provide a good answer.

Rising star

Like Arne said, this actually used to be possible as there was a more granular control of the guest authentication policy, now it's basically down to selecting the identity store/sequence under the guest portal. What i have done before is to connect using LDAP to AD, and then restrict the container where i look for users, then ISE will simply not be able to authenticate users that are not in that container, it probably won't work if you users are members of a group, only if they are actually located in the same place in your AD.

Hi.. Thanks it works now but facing ISE CWA redirect page opening issue on Chrome browser, on other browser it works, i have been running ISE 2.2, please suggest for compatibility with chrome.

Content for Community-Ad