cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
360
Views
0
Helpful
2
Replies

ISE Create Policy for Authentication Using Source AD User Allow List?

Lertpaiboon
Beginner
Beginner

I want to make a policy authentication for the assigned username list. I pulled the username list from MS Active Directory. I just require the Username that I specify; I do not require any other Usernames.

For example, there are 1000 total usernames in MS Active Directory, but I only require 500 of them, as defined.

  • ----- Allow list For Authen ----
  • username : Dummy1 
  • username : Dummy21
  • username : Dummy30
  • username : Dummy42
  • username : Dummy82

The remaining usernames cannot be authenticated.

How can policy authentication be created?

1 Accepted Solution

Accepted Solutions

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend

Then I suggest is create a new group and add that 500 users to a new  Group and using that group in ISE is the best option I see here.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

2 Replies 2

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend

Then I suggest is create a new group and add that 500 users to a new  Group and using that group in ISE is the best option I see here.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Walker
Beginner
Beginner

I am assuming you are using 802.1x for authentication. Are you using certificate authentication? If so, is there any distinct attribute that would identify these 500 users and not the others? Example, AD Groups, OU, or Location?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers