Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1413
Views
0
Helpful
1
Replies

ISE admin access external identity store

Go to solution
gaigl
Beginner
Beginner

‎11-11-2020 05:28 AM

Hello,

 

we've ISE 2.7 patch 2 and Super Admin Access is authenticated by a AD-Group (external Identity Store), this works without problem.

We've another Admin Group for an internal user-store, and this group is authenticated also external by another group on AD.

They login very rarely, but now they can't login anymore (invalid username or password)

They use this accounts for there daily work, so the accounts are ok

if I try to change the mapped group to a group where I'm member of, it works neither.

Under the AD connector the groups are fine, I can retrieve ssid or attributes.

The same occurs on a standalone ISE and on a Deployment (same Patch-Level)

 

Any Idea, where I can start the search?

 

Thanks

 

Karl

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
gaigl
Beginner
Beginner

‎11-11-2020 05:50 AM

solved myself:

 

the 2. admin-group for user-administration had no entry in the RBAC-Policy

View solution in original post

0 Helpful
1 Reply 1

Go to solution
gaigl
Beginner
Beginner

‎11-11-2020 05:50 AM

solved myself:

 

the 2. admin-group for user-administration had no entry in the RBAC-Policy

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents