Solved: Re: ISE Create Policy for Authentication Using Source AD User Allow Li

Lertpaiboon · ‎08-24-2022

I want to make a policy authentication for the assigned username list. I pulled the username list from MS Active Directory. I just require the Username that I specify; I do not require any other Usernames.

For example, there are 1000 total usernames in MS Active Directory, but I only require 500 of them, as defined.

----- Allow list For Authen ----
username : Dummy1
username : Dummy21
username : Dummy30
username : Dummy42
username : Dummy82

The remaining usernames cannot be authenticated.

How can policy authentication be created?

balaji.bandi · ‎08-24-2022

Then I suggest is create a new group and add that 500 users to a new Group and using that group in ISE is the best option I see here.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

balaji.bandi · ‎08-24-2022

Then I suggest is create a new group and add that 500 users to a new Group and using that group in ISE is the best option I see here.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Walker · ‎08-24-2022

I am assuming you are using 802.1x for authentication. Are you using certificate authentication? If so, is there any distinct attribute that would identify these 500 users and not the others? Example, AD Groups, OU, or Location?

ISE Create Policy for Authentication Using Source AD User Allow List?