Solved: Re: ISE 2.4 - TACACS using local database - can I create report of users?

cooperd5 · ‎11-03-2020

Hi,

have ISE 2.4 deployment using local database of network users for T+ admin on network. Can I run a report to list all current users? I can't find one and the manual export isn't ideal as it also exports passwords.

Thanks,

Darren

Mike.Cifelli · ‎11-03-2020

I know you could rely on APIs for something similar. If you are seeking to get an Active list your best bet would possibly be to look into MNT APIs, specifically session based ones (https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/api_ref_guide/api_ref_book/ise_api_ref_ch2.html). However, if just looking to generate a list of your internal users this would do the trick:

curl -k --include --header 'Content-Type:application/json' --header 'Accept: application/json' --user <user/pass> --request GET https://<isepan>:9060/ers/config/internaluser

You can also use these filters: [firstName, lastName, identityGroup, name, description, email, enabled]

HTH!

View solution in original post

Mike.Cifelli · ‎11-03-2020

I know you could rely on APIs for something similar. If you are seeking to get an Active list your best bet would possibly be to look into MNT APIs, specifically session based ones (https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/api_ref_guide/api_ref_book/ise_api_ref_ch2.html). However, if just looking to generate a list of your internal users this would do the trick:

curl -k --include --header 'Content-Type:application/json' --header 'Accept: application/json' --user <user/pass> --request GET https://<isepan>:9060/ers/config/internaluser

You can also use these filters: [firstName, lastName, identityGroup, name, description, email, enabled]

HTH!

cooperd5 · ‎11-03-2020

works a treat!

Thank you!