Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3155
Views
0
Helpful
4
Replies

ISE 2.3 Active Directory OU authentication

Go to solution
christopher.dove@dof.ca.gov
Beginner
Beginner

‎07-10-2018 01:56 PM

Hi,

I'm trying to create a  authorization policy using an active directory OU (both user and machine objects).  But I'm unable to the OU to ISE.  It only allow security groups. Please advise.

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎07-10-2018 04:00 PM

It's not recommended to use OU, which is not indexed, so would result in poorer performance.

If you have to use it, then you may write conditions on the AD attribute "distinguishedName"

View solution in original post

0 Helpful

Go to solution
Colby LeMaire
VIP Alumni
VIP Alumni
In response to kenneth-goh

‎11-07-2019 06:53 AM

Join ISE to Active Directory.  Then add whatever groups you want to use into ISE.  At that point, then you will be able to use the AD groups in your authorization policies.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
hslai
Cisco Employee
Cisco Employee

‎07-10-2018 04:00 PM

It's not recommended to use OU, which is not indexed, so would result in poorer performance.

If you have to use it, then you may write conditions on the AD attribute "distinguishedName"

0 Helpful

Go to solution
kenneth-goh
Beginner
Beginner

‎11-07-2019 02:26 AM

How do I create Authorization Policy using Active Directory Security Groups? Thanks.

0 Helpful

Go to solution
Colby LeMaire
VIP Alumni
VIP Alumni
In response to kenneth-goh

‎11-07-2019 06:53 AM

Join ISE to Active Directory.  Then add whatever groups you want to use into ISE.  At that point, then you will be able to use the AD groups in your authorization policies.

0 Helpful

Go to solution
kenneth-goh
Beginner
Beginner
In response to Colby LeMaire

‎11-07-2019 05:31 PM

I could see the option for OU 'CERTIFICATE Subject - Organization Unit'

Which option is for Active Directory Security Policy to add the groups? 

CERTIFICATE Subject - Organization Unit.PNG

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents