As part of my ISE deployment I have configured the last rule in the Authentication Rules to continue if a user is found in Identity Store Sequence BYOD-USERS.
This Identity store specifies that Active Directory and Guest users should be searched when a user logs in to the Guest Sponsor Portal.
However, at the moment Guest users are working fine and are permitted onto the Guest network once they have authenticated, as part of a corresponding Authorization profile. With Active Directory, however, I only want a small subsection of users who can continue once entering their details. If the user isn't in that particular AD security group they can't progress further from the guest portal.
So my question is: is it in the identity store sequence, where I have requested that Active Directory be searched, that I can filter which user group can potentially log in? I understand that under the Active Directory Identity store I can specify groups, which I have done, but my question is: can I restrict which groups are searched in the identity store sequence for Active Directory?
The way to accomplish this (I think) would be to create another Identity Source. Go to Administration > Identity Management > External Identity Sources. From there, click LDAP from the menu on the left.
Click the +Add button to add an identity source. Bind this connection to the AD server you are currently using. Choose the groups you want to be in the Authorization Profile and then choose the Attributes for the Identity Source:
From here, you MUST use the full LDAP object name for the group to get the list of attributes:
Click Submit, then OK (the dialog might just contain the number 1). Use this new Identity Source in your Identity Source Sequence.
Please rate helpful posts and mark this question as answered if, in fact, this does answer your question. Otherwise, feel free to post follow-up questions.