Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3172
Views
0
Helpful
2
Replies

ISE automatic purge of endpoints in a specific group

bgl-group
Beginner
Beginner

‎11-06-2017 07:40 AM - edited ‎02-21-2020 10:38 AM

I'm not sure if this possible so if someone could help me that would be good.

 

We want to lock down our ISE policies so that unauthenticated machines get very limited access. However our desktop support team still wants to be able to build PCs at desks.

 

To do this they need access to loads of AD and SCCM servers, which the unauth acl will not allow them to access.

 

They are happy to add the endpoints manually into a specific group. But may forget to take them out after the machine has been built - is it possible to automatically remove any endpoint in a specified group on a scheduled basis?

1 person had this problem
Labels:
0 Helpful
2 Replies 2

agrissimanis
Beginner
Beginner

‎11-06-2017 08:46 AM

Under Administration -> Identity management -> Settings -> Endpoint Purge you can create rules that remove old endpoints from the database completely (used mainly to clear up old guest users, etc.), but I believe there is no functionality to just remove endpoint from a particular group automatically.