02-05-2020 11:14 PM
Hi,
I am deploying ISE right now, I have just joined AD.
My purpose was to add my AD user as superadmin so I can log into ISE with full access without using default or internal account.
To do that, I had to add a group from Directory... but the group includes more users and I don't want all them to have the full access to ISE.
How can i get around that issue ? For information, my team doesn't manage AD, AD is monitored by another team..
Thank you for your help.
Solved! Go to Solution.
02-06-2020 02:29 AM
When using an external User Group for ISE Admin login, you can only apply a "group" concept to the login authentication. It's purely membership based. Unlike the nice tools we have for RADIUS/TACACS+, we cannot perform any regular expressions or pattern matching to the Admin username entry.
Your bets bet would be to create a separate AD Group and move your power users there. Or not use AD at all, and then create local ISE Admin users.
02-06-2020 02:29 AM
When using an external User Group for ISE Admin login, you can only apply a "group" concept to the login authentication. It's purely membership based. Unlike the nice tools we have for RADIUS/TACACS+, we cannot perform any regular expressions or pattern matching to the Admin username entry.
Your bets bet would be to create a separate AD Group and move your power users there. Or not use AD at all, and then create local ISE Admin users.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide