ISE 2.7: Sponsor group with AD user can see all guest accounts.

mmisonne
Level 2

Hello,
I created a new sponsor group with user members from AD,
and with the right to manage "only account sponsor has created".

The problem is they can see and manage all guest accounts.

I noticed that I have this problem only with AD users, not internal users.
I also noticed that if I remove all members from AD in the list, they can still log in...!
However, they are not specified in any other sponsor group.

It is as if the AD users are automatically members of the group "ALL_ACCOUNTS", even if they are not configured in it.
I use ISE v2.7 patch 2.

 

Michel Misonne

1 Reply

howon
Cisco Employee

Do you have a match policy for ALL_ACCOUNTS groups configured for 'Other conditions (optional)'? If not, then you shouldn't be matching the ALL_ACCOUNTS group, and I suggest creating a TAC SR for troubleshooting.