Solved: ISE 3.0 Internal User Accounts for TACACS+ - Have different password policy for different user accou...

wags · ‎07-26-2021

Based on this old post/answer this was not possible 3 years ago. Is that still true today with ISE 3.0?

Paraphrase old post:

Is it possible to have an internal user account (for TACACS+ user) never expire AND to have the Users Password Policies in effect for all other users (password expiration, account lockout durations, etc.)? Looking to have a service account that never expires and still use the password policies for the rest.

Answer was:

You have the option of modifying the User and Password policies globally for internal users but not per user.

Original link:

https://community.cisco.com/t5/network-access-control/ise-internal-user-account-never-expire/td-p/3424738

TIA

Marcelo Morais · ‎07-26-2021

Hi @wags ,

please take a look at: CSCvu07107 ENH ISE Password Policy for Internal User per User/Group.

"...

Symptom:
Right now there is one password policy for all internal user groups. ISE could use password policies for multiple internal user per user/group instead of just one global policy.

Workaround:
none

Last Modified: May 3,2021
Status: Open
Severity: 6 Enhancement

..."

Hope this helps !!!

View solution in original post

Marcelo Morais · ‎07-26-2021