Showing results for 
Search instead for 
Did you mean: 

ISE 1.3 GUI Portal RSA 2 Factor Authentication

Cisco Employee
Cisco Employee


My customer wants to use RSA 2 factor authentication to authenticate into ISE admin portal. I have imported the sdconf.rec file already and change authentication to RSA SecurID under admin access. When I go under an admin group I am not able to see any external group to specify.

When I tried to authenticate an AD user with RSA pin it is not working.


3 Replies 3

Cisco Employee
Cisco Employee

Administrative Access to Cisco ISE Using an External Identity Store says,

External Authentication and Internal Authorization—The administrator’s authentication credentials come from the external identity source, and authorization and administrator role assignment take place using the local Cisco ISE database. This model is used for RSA SecurID authentication. This method requires you to configure the same username in both the external identity store and the local Cisco ISE database.

Screen Shot 2016-08-26 at 10.00.06 AM.png

Screen Shot 2016-08-26 at 10.05.20 AM.pngScreen Shot 2016-08-26 at 10.08.17 AM.png

Thanks for the reply but couple of questions:

1. Not sure I understand "Use another ISE to simulate this radius token" what if I only have one ISE server? What are the configuration options?

2. Am I not allowed to use RSA SecurID instead of Radius Token?

3. Do I need to create every AD username inside ISE internal DB that wants to use RSA to authenticate the portal?

Cisco Employee
Cisco Employee

On 1, I do not have a RSA SecurID server, so I used another ISE to simulate.

On 2, YES!

On 3, you would need to create the same set of the usernames for the the users allowed to use RSA SecurID for authentication to ISE admin portal.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers