08-29-2018 08:57 AM
Can you enable DUO auth within a policy for ISE admin login on the landing ISE page?
Solved! Go to Solution.
09-01-2018 03:43 PM - edited 09-01-2018 03:44 PM
Yes, this should work.
Administrative Access to Cisco ISE Using an External Identity Store says,
...
External Authentication and Internal Authorization—The administrator’s authentication credentials come from the external identity source, and authorization and administrator role assignment take place using the local Cisco ISE database. This model is used for RSA SecurID authentication. This method requires you to configure the same username in both the external identity store and the local Cisco ISE database.
...
...
As DUO is a RADIUS token ID source similar to RSA SecurID, we would follow the same mode and need creating internal admin users with the same usernames as those on DUO.
08-29-2018 10:49 AM
Please do Search the community for existing answers before posting questions.
06-19-2019 10:48 AM
09-01-2018 03:43 PM - edited 09-01-2018 03:44 PM
Yes, this should work.
Administrative Access to Cisco ISE Using an External Identity Store says,
...
External Authentication and Internal Authorization—The administrator’s authentication credentials come from the external identity source, and authorization and administrator role assignment take place using the local Cisco ISE database. This model is used for RSA SecurID authentication. This method requires you to configure the same username in both the external identity store and the local Cisco ISE database.
...
...
As DUO is a RADIUS token ID source similar to RSA SecurID, we would follow the same mode and need creating internal admin users with the same usernames as those on DUO.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide