07-26-2021 08:17 AM
Based on this old post/answer this was not possible 3 years ago. Is that still true today with ISE 3.0?
Paraphrase old post:
Is it possible to have an internal user account (for TACACS+ user) never expire AND to have the Users Password Policies in effect for all other users (password expiration, account lockout durations, etc.)? Looking to have a service account that never expires and still use the password policies for the rest.
Answer was:
You have the option of modifying the User and Password policies globally for internal users but not per user.
Original link:
TIA
Solved! Go to Solution.
07-26-2021 01:40 PM
Hi @wags ,
please take a look at: CSCvu07107 ENH ISE Password Policy for Internal User per User/Group.
"...
Symptom:
Right now there is one password policy for all internal user groups. ISE could use password policies for multiple internal user per user/group instead of just one global policy.
Workaround:
none
Last Modified: May 3,2021
Status: Open
Severity: 6 Enhancement
..."
Hope this helps !!!
07-26-2021 01:40 PM
Hi @wags ,
please take a look at: CSCvu07107 ENH ISE Password Policy for Internal User per User/Group.
"...
Symptom:
Right now there is one password policy for all internal user groups. ISE could use password policies for multiple internal user per user/group instead of just one global policy.
Workaround:
none
Last Modified: May 3,2021
Status: Open
Severity: 6 Enhancement
..."
Hope this helps !!!
07-26-2021 02:03 PM
Seems like a given that you would have the ability to assign different policies to different "objects". Guess maybe the product team think everything should go to an external security entity for that flexability.
10-03-2023 10:22 AM
Update: This is now available in 3.2:
https://community.cisco.com/t5/network-access-control/determine-password-age-of-an-ise-3-1-tacacs-user-internal/td-p/4802593
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide