cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

763
Views
0
Helpful
1
Replies
gaigl
Beginner

ISE admin access external identity store

Hello,

 

we've ISE 2.7 patch 2 and Super Admin Access is authenticated by a AD-Group (external Identity Store), this works without problem.

We've another Admin Group for an internal user-store, and this group is authenticated also external by another group on AD.

They login very rarely, but now they can't login anymore (invalid username or password)

They use this accounts for there daily work, so the accounts are ok

if I try to change the mapped group to a group where I'm member of, it works neither.

Under the AD connector the groups are fine, I can retrieve ssid or attributes.

The same occurs on a standalone ISE and on a Deployment (same Patch-Level)

 

Any Idea, where I can start the search?

 

Thanks

 

Karl

1 ACCEPTED SOLUTION

Accepted Solutions
gaigl
Beginner

solved myself:

 

the 2. admin-group for user-administration had no entry in the RBAC-Policy

View solution in original post

1 REPLY 1
gaigl
Beginner

solved myself:

 

the 2. admin-group for user-administration had no entry in the RBAC-Policy

View solution in original post

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars



Did you miss a previous ISE webinar?

CiscoISE YouTube Channel