cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

561
Views
0
Helpful
2
Replies
wags
Beginner

ISE 3.0 Internal User Accounts for TACACS+ - Have different password policy for different user accounts possible?

Based on this old post/answer this was not possible 3 years ago.  Is that still true today with ISE 3.0?

 

Paraphrase old post:

Is it possible to have an internal user account (for TACACS+ user) never expire AND to have the Users Password Policies in effect for all other users (password expiration, account lockout durations, etc.)?   Looking to have a service account that never expires and still use the password policies for the rest.

 

Answer was:

You have the option of modifying the User and Password policies globally for internal users but not per user.

 

Original link:

https://community.cisco.com/t5/network-access-control/ise-internal-user-account-never-expire/td-p/3424738

 

TIA

1 ACCEPTED SOLUTION

Accepted Solutions
Marcelo Morais
Advocate

Hi @wags ,

 please take a look at: CSCvu07107 ENH ISE Password Policy for Internal User per User/Group.

"...

Symptom:
Right now there is one password policy for all internal user groups. ISE could use password policies for multiple internal user per user/group instead of just one global policy.

Workaround:
none

Last Modified: May 3,2021
Status: Open
Severity: 6 Enhancement

..."

 

Hope this helps !!!

View solution in original post

2 REPLIES 2
Marcelo Morais
Advocate

Hi @wags ,

 please take a look at: CSCvu07107 ENH ISE Password Policy for Internal User per User/Group.

"...

Symptom:
Right now there is one password policy for all internal user groups. ISE could use password policies for multiple internal user per user/group instead of just one global policy.

Workaround:
none

Last Modified: May 3,2021
Status: Open
Severity: 6 Enhancement

..."

 

Hope this helps !!!

View solution in original post

wags
Beginner

Seems like a given that you would have the ability to assign different policies to different "objects".  Guess maybe the product team think everything should go to an external security entity for that flexability.

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars



Did you miss a previous ISE webinar?

CiscoISE YouTube Channel