Solved: Re: ISE 2.3 Active Directory OU authentication

christopher.dove@dof.ca.gov · ‎07-10-2018

Hi,

I'm trying to create a authorization policy using an active directory OU (both user and machine objects). But I'm unable to the OU to ISE. It only allow security groups. Please advise.

hslai · ‎07-10-2018

It's not recommended to use OU, which is not indexed, so would result in poorer performance.

If you have to use it, then you may write conditions on the AD attribute "distinguishedName"

View solution in original post

Colby LeMaire · ‎11-07-2019

Join ISE to Active Directory. Then add whatever groups you want to use into ISE. At that point, then you will be able to use the AD groups in your authorization policies.

View solution in original post

hslai · ‎07-10-2018

It's not recommended to use OU, which is not indexed, so would result in poorer performance.

If you have to use it, then you may write conditions on the AD attribute "distinguishedName"

kenneth-goh · ‎11-07-2019

How do I create Authorization Policy using Active Directory Security Groups? Thanks.

Colby LeMaire · ‎11-07-2019

Join ISE to Active Directory. Then add whatever groups you want to use into ISE. At that point, then you will be able to use the AD groups in your authorization policies.

kenneth-goh · ‎11-07-2019

I could see the option for OU 'CERTIFICATE Subject - Organization Unit'

Which option is for Active Directory Security Policy to add the groups?