08-29-2018 08:57 AM
Can you enable DUO auth within a policy for ISE admin login on the landing ISE page?
Solved! Go to Solution.
09-01-2018 03:43 PM - edited 09-01-2018 03:44 PM
Yes, this should work.
Administrative Access to Cisco ISE Using an External Identity Store says,
...
External Authentication and Internal Authorization—The administrator’s authentication credentials come from the external identity source, and authorization and administrator role assignment take place using the local Cisco ISE database. This model is used for RSA SecurID authentication. This method requires you to configure the same username in both the external identity store and the local Cisco ISE database.
...
...
As DUO is a RADIUS token ID source similar to RSA SecurID, we would follow the same mode and need creating internal admin users with the same usernames as those on DUO.
08-29-2018 10:49 AM
Please do Search the community for existing answers before posting questions.
06-19-2019 10:48 AM
09-01-2018 03:43 PM - edited 09-01-2018 03:44 PM
Yes, this should work.
Administrative Access to Cisco ISE Using an External Identity Store says,
...
External Authentication and Internal Authorization—The administrator’s authentication credentials come from the external identity source, and authorization and administrator role assignment take place using the local Cisco ISE database. This model is used for RSA SecurID authentication. This method requires you to configure the same username in both the external identity store and the local Cisco ISE database.
...
...
As DUO is a RADIUS token ID source similar to RSA SecurID, we would follow the same mode and need creating internal admin users with the same usernames as those on DUO.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: