Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1990
Views
5
Helpful
5
Replies

How to create Multiple admin user easily in ISE

Go to solution
Abhijith Mepparabath
Level 1
Level 1

‎05-06-2020 05:22 AM

Hello,

 

I have been trying to find out an easy way to create multiple Local admin user who can authenticate with external identity source like RSA .

I tried to use ERS API request but it didn't give me the required output ,i could able to created internal users with the API request but not admin users.

Is it possible to create create multiple Local admin user who can authenticate with external identity source in ISE via ERS API request? 

If not can any one suggest me  any possible solution for this.

 

Thanks

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎05-06-2020 05:50 AM

AFAIK, as you stated, with the APIs you can only create internal users. Relating to admin users the API allows 'get-by-id', 'get-all', & 'get-version'. That info can be found in the SDK API documentation. HTH!

View solution in original post

0 Helpful

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to Abhijith Mepparabath

‎05-10-2020 04:52 PM

It sounds like what you are trying to do is create bulk 'shadow' admin user accounts to use in conjunction with MFA (RSA) authentication/authorisation for the ISE GUI. Since ISE still performs local Authorisation when it comes to admin flows using MFA, these admin accounts (with no password) must be created and mapped to the proper RBAC group in ISE.

There is currently no mechanism for using the API or an Import option for creating admin users. These 'shadow' accounts will have to be individually created in the GUI.

View solution in original post

5 Replies 5

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎05-06-2020 05:50 AM

AFAIK, as you stated, with the APIs you can only create internal users. Relating to admin users the API allows 'get-by-id', 'get-all', & 'get-version'. That info can be found in the SDK API documentation. HTH!
0 Helpful

Go to solution
Abhijith Mepparabath
Level 1
Level 1
In response to Mike.Cifelli

‎05-07-2020 02:25 AM

Thanks!

Is there any other way to create multiple admin user easily .

0 Helpful

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni
In response to Abhijith Mepparabath

‎05-09-2020 08:43 AM

Your best bet would be to utilize an external source such as AD security groups and add admin users to each respective group in AD for how you want to divide roles. Then reference that Admin Group in your RBAC Policies for Admin Access & grant permissions (menu/data) as you wish.
Create Admin Group: Administration->System->Admin Access->Administrators->Admin Groups
Map to RBAC Policy: Administrations->System->Admin Access->Authorization->Policy
Good luck & HTH!
0 Helpful

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to Abhijith Mepparabath

‎05-10-2020 04:52 PM

It sounds like what you are trying to do is create bulk 'shadow' admin user accounts to use in conjunction with MFA (RSA) authentication/authorisation for the ISE GUI. Since ISE still performs local Authorisation when it comes to admin flows using MFA, these admin accounts (with no password) must be created and mapped to the proper RBAC group in ISE.

There is currently no mechanism for using the API or an Import option for creating admin users. These 'shadow' accounts will have to be individually created in the GUI.

Go to solution
pavagupt
Cisco Employee
Cisco Employee

‎05-10-2020 11:31 PM

unfortunately, there is no API for us to create bulk RBAC admins.. At this point of time, there is no easy way for rbac admins..

0 Helpful
Customers Also Viewed These Support Documents