08-06-2019 07:57 PM
Hi experts
I have some questions about ISE Passive ID .
These is a customer they are using AD as external id source of ISE. also they want to use passive id for any users who didn't enable dot1x feature but joined AD.
All these users by default they are belongs Domain user, didn't created any groups for classify. they are using AD attribute as classification condition as below :
I was enabled passive id . when I select passive id as authorization condition. there are only two options could be use. username and group.
my question : is there any way we could add attribute as the passive id conditions ?
any reply will be appreciate.
Solved! Go to Solution.
08-07-2019 07:07 AM
You can select the join point name of your AD domain and select AD attribute just like 802.1X condition. It should work even for passive-id sessions.
08-07-2019 07:07 AM
You can select the join point name of your AD domain and select AD attribute just like 802.1X condition. It should work even for passive-id sessions.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide