cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1108
Views
0
Helpful
2
Replies

ISE assign SGT base on AD Group

raymondluis13
Level 1
Level 1

I have an ISE that connected to the AD. So, i want to assign the same group in AD (ip, devices, and all) to the SGT automatically. For example, if i have an IT group and HR group in AD, the ISE will automatically make SGT with the same group. And if the member of the group in AD is changing, the ISE will automatically change the SGT based on AD.

RL
2 Replies 2

You can assign an SGT based on any authz profile in auth (which includes AD group).  What is your question?

https://community.cisco.com/t5/security-documents/how-to-ask-the-community-for-help/ta-p/3704356

You can do that by selecting the SGT you want to assign to the users/devices from the "Security Groups" column in the "Authorization Policy" in the policy set. It is basically the column next to the profiles column where you assign the authorization profile. Obv, the SGTs should be created in advance, you can create them from the "TrustSec" section > Components > Security Groups.