
ISE CWA with AD Authentication

Will Kerr
Level 1
Hey Guys,
I'm trying to configure a CWA that will only pass web auth if you log in with a certain AD group. I’m pretty sure you set the authentication for a CWA via an ISS on the portal configuration. With an ISS you can’t lock it down to a specific group, and by the time they pass the web authentication I don’t think I could have them fail via an authz policy that references an AD group.

Any help on making this work is appreciated.

Thanks,

Will

Accepted Solutions

nspasov
Cisco Employee

Hi Will-

To answer your question: You control the actual access in your authorization policies. For instance, you can configure the policies where:

  1. If user is part of internal ISE guest users then they get Internet Only
  2. If user is part of external AD group “Contractors” they get Internet+Some Internal access
  3. If user is part of external AD group “Domain Users” then they get Internet Only+Access to Intranet site

You would control the actual access via Named ACLs in the WLCs that are then referenced in your Authorization Policies.

Thank you for rating helpful posts!
