04-09-2015 06:13 AM - edited 03-10-2019 10:37 PM
Is it possible to authenticate the ISE administrator via an external RADIUS server? The option I find is that it will not work.
The manual reads:
In Cisco ISE, you can authenticate administrators via an external identity store such as Active Directory, LDAP, or RSA SecureID. There are two models you can use to provide authentication via an external identity store:
Is this the case?
04-10-2015 02:23 AM
Yes, it is possible. In my situation, I have a distributed deployment (1 primary Admin/Mnt, 1 secondary Admin/Mnt and 2 PSN nodes), and I set up all of them so that different users can access the ISE admin UI via a RADIUS server running on another appliance, an ACS server. The ACS server is integrated into Active Directory.
So the answer is yes.
04-10-2015 08:32 AM
Sure you can!
Make sure you have the RADIUS server added to the ISE (Administration > Identity Management > External Identity Sources, then select RADIUS Token from the left menu).
Then head over to Administration > System > Admin Access. Change the * Identity Source to your RADIUS Server and click Save.
Log out and you will see a new entry on the login screen. Click the dropdown for Identity Source and choose your RADIUS Server. If this connection gets dropped for any reason, you can always log in using the internal identity source as a fallback.
Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question. Otherwise, feel free to post follow-up questions.
Charles Moreton