Solved: ISE 3.0, TACACS internal user password change report

wags · ‎09-27-2021

We are in the process of migrating from Cisco ACS TACACS control of router/switch access to ISE TACACS control. Within the Cisco ACS TACACS system, a very heavily used report is when the password for a user was changed and how (admin, user, etc.) Is there an equivalent report within ISE TACACS that shows when an internal work center TACACS account has had a changed password and by whom?

Further Data which might be of value:

ISE Version 3.0.+

Programmatic tool for migration from ACS failed. Cisco TAC unable to recreate. Manual migration performed.

Work Center Identities using internal user database for TACACS user accounts.

All security functions seem to be working as expected WRT router/switch TACACS user authentication and authorizations.

Damien Miller · ‎09-27-2021

ISE 3.0 has a built in report for this, you can access it under the Operations > Reports > Audit and it will be called "User Change Password Audit".

View solution in original post

Damien Miller · ‎09-27-2021

ISE 3.0 has a built in report for this, you can access it under the Operations > Reports > Audit and it will be called "User Change Password Audit".

wags · ‎09-27-2021

I've been looking in the work center area. There are reports there, but not "operations". Too many report locations. TACACS is the guest, got to get my head wrapped around that concept. Thanks.