Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2153
Views
25
Helpful
5
Replies

ISE AD Join - saving creds yes or no?

Go to solution
Arne Bier
VIP
VIP

‎03-12-2021 06:17 PM

Hello

 

I have read/heard two completely different reasons/theories why ISE allows the AD user creds to be saved at the time of joining an Active Directory domain. I have to say I never save the creds and I have yet to see the point of it:

1) Saving creds allows the PAN to easily join any nodes that are registered in the future without needing to enter the creds again. 

2) Saving creds is required to allow the AD profiler probe to work

 

I am comfortable with reason one and I don’t care if I have to enter the creds for each new ise node I register. 
But point two concerns me. Does the AD profiler probe really need this ? I have not tested but I was fairly sure that my AD probes work without saving AD creds. 

Does anyone know the real use case for saving AD creds? I can’t find an answer in the manuals. 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP
VIP