I'm trying to create a authorization policy using an active directory OU (both user and machine objects). But I'm unable to the OU to ISE. It only allow security groups. Please advise.
Go to Solution.
It's not recommended to use OU, which is not indexed, so would result in poorer performance.
If you have to use it, then you may write conditions on the AD attribute "distinguishedName"
View solution in original post
Join ISE to Active Directory. Then add whatever groups you want to use into ISE. At that point, then you will be able to use the AD groups in your authorization policies.
How do I create Authorization Policy using Active Directory Security Groups? Thanks.
I could see the option for OU 'CERTIFICATE Subject - Organization Unit'
Which option is for Active Directory Security Policy to add the groups?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: