How to use Active Directory “extension Attribute” in ISE policy

JustTakeTheFirstStep_0-1739329231681.png

We want to create a policy set in ISE from an extension Attribute value in AD.

Can we use that attribute in the Policy Condition in ISE?

Any ideas?


3 Accepted Solutions


Arne Bier
VIP

Have you had a look in your AD joined ISE? You can easily check this by navigating to Administration > Identity Management and then clicking on your AD Join Point. Open the 'Attributes' tab and then click 'Add'.

ArneBier_0-1739330414974.png

Then I tend to select the option 'Select Attributes from directory' and give it a username as an example. I don't know if these extensions should exist in my AD - but I don't see them. Maybe you see them in your ISE.

ArneBier_1-1739330553045.png


Failing that, you can also bind ISE to your AD controllers using LDAP and then you will have complete access to all the objects. 

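Before building a condition on the attribute, it helps to see how it is actually populated on the AD side, since every distinct value (including typos and empty values) decides which users the rule will match. Added PowerShell example, not from this thread; it assumes the RSAT ActiveDirectory module, and the OU, attribute name and expected value are placeholders:

```powershell
# Added example (not part of the thread): audit how an extensionAttribute is
# populated in AD before an ISE authorization condition is built on it.
# Assumes the RSAT ActiveDirectory module is installed.
Import-Module ActiveDirectory

$attr       = 'extensionAttribute1'             # attribute the ISE condition will test (placeholder)
$searchBase = 'OU=Users,DC=example,DC=com'       # placeholder, adjust to your users container
$expected   = 'ISE-VPN'                          # placeholder value the policy is meant to match

# Pull the attribute for enabled users only; disabled accounts never reach the policy.
$users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $searchBase -Properties $attr

# Value distribution: each distinct value is a potential match (or a silent miss).
$users |
    Group-Object -Property $attr |
    Sort-Object Count -Descending |
    Select-Object @{ n = $attr; e = { if ($_.Name) { $_.Name } else { '<empty>' } } }, Count

# Near-misses: values that differ from the expected one only by case or surrounding
# whitespace. Review these before deciding which operator the ISE condition uses.
$users |
    Where-Object { $_.$attr -and $_.$attr -cne $expected -and $_.$attr.Trim() -ieq $expected } |
    Select-Object SamAccountName, $attr
```

Users that show up under '<empty>' will fall through to whatever rule follows yours, so check that the fallthrough is the intended one.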

Edit/create the Rule, and then click on the Conditions field to open up the Editor

 

You can search in the AD Join Points. Under the Dictionary drop-down, look for your AD Join Point name - e.g.

ArneBier_1-1739335775554.png


ArneBier_0-1739335599406.png


4 Replies


Okay. How do I then use that attribute as a condition in an authorization policy?


JustTakeTheFirstStep_1-1741668323100.png

JustTakeTheFirstStep_0-1741668235351.png