ISE deployment - AD Group

cnezakaren
Level 1

Hi,

I am deploying ISE right now and have just joined AD.

My purpose was to add my AD user as superadmin so I can log into ISE with full access without using the default or an internal account.

To do that, I had to add a group from Directory... but the group includes more users and I don't want all of them to have full access to ISE.

How can I get around that issue? For information, my team doesn't manage AD; AD is monitored by another team.

Thank you for your help.

Accepted Solutions

Arne Bier
VIP

When using an external User Group for ISE Admin login, you can only apply a "group" concept to the login authentication. It's purely membership based. Unlike the nice tools we have for RADIUS/TACACS+, we cannot perform any regular expressions or pattern matching to the Admin username entry.

Your best bet would be to create a separate AD Group and move your power users there. Or not use AD at all, and then create local ISE Admin users.

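Since access through an external group is purely membership based, a dedicated admin group is only as tight as its effective membership. The PowerShell below is an added example, not part of the original thread or any Cisco tooling, that compares such a group's members (including those inherited through nested groups) against an approved list; the function name, group name and account names are placeholders, and it assumes the ActiveDirectory module with read access to the directory.

```powershell
# Added example: audit the AD group that is mapped to an ISE admin role.
# Assumptions: ActiveDirectory module (RSAT) is installed; names are placeholders.
Import-Module ActiveDirectory

function Get-AdminGroupDrift {
    param(
        [Parameter(Mandatory)] [string]   $GroupName,
        [Parameter(Mandatory)] [string[]] $ApprovedAdmins   # sAMAccountNames
    )

    # -Recursive flattens nested groups, so users who inherit membership
    # through another group are counted as well as direct members.
    $effective = @(
        Get-ADGroupMember -Identity $GroupName -Recursive |
            Where-Object { $_.objectClass -eq 'user' } |
            Select-Object -ExpandProperty SamAccountName -Unique
    )

    # Groups nested directly inside the admin group: each one is a path by
    # which another team's membership change can grant admin access.
    $nested = @(
        Get-ADGroupMember -Identity $GroupName |
            Where-Object { $_.objectClass -eq 'group' } |
            Select-Object -ExpandProperty SamAccountName
    )

    # -notin compares case-insensitively, matching how sAMAccountName behaves.
    [pscustomobject]@{
        Group          = $GroupName
        EffectiveUsers = $effective
        Unexpected     = @($effective | Where-Object { $_ -notin $ApprovedAdmins })
        NotInGroup     = @($ApprovedAdmins | Where-Object { $_ -notin $effective })
        NestedGroups   = $nested
    }
}

# Example call with placeholder names; review the group if Unexpected or
# NestedGroups is not empty.
$report = Get-AdminGroupDrift -GroupName 'ISE-SuperAdmins' -ApprovedAdmins 'jdoe', 'asmith'
$report | Format-List
if ($report.Unexpected.Count -gt 0 -or $report.NestedGroups.Count -gt 0) {
    Write-Warning "Membership of $($report.Group) differs from the approved list."
}
```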
