Solved: ISE Identity source in authentication policy

kareali@cisco.com · ‎05-30-2016

Hello,

can i add a specific identity group as an identity source in the authentication policy ?

for example can i force ise in the authentication policy to authenticate only form specific AD group or specific local identity group ?

the current scenario that guests created by sponsors added to an identity group called "Guest-type Students" so can i use this group in the identity source sequence in the authentication policy ?

Jason Kunst · ‎05-31-2016

You would actually use the authorization policy to call this out.

Check out the example in the ISE Wireless Guest Setup Guide document

Page 47 figure 46

View solution in original post

alice.jessie · ‎05-31-2016

Hi,

Yes you can make your ISE authenticate based on a specific AD group, for that you will have to create rules with condition pointing as to which group you want to use.

For your third question, when the guests are created by sponsors, they get added to a group called "Guest-type Students" : well, this group is not gonna be created in your AD FYI, but you can still authenticate based on this particular group, you just have to create your Rule with the IF condition. In your rule, expand IF drop down box > User identity group and select the "Guest-type Students" group.

Regards.

Jason Kunst · ‎05-31-2016

You would actually use the authorization policy to call this out.

Check out the example in the ISE Wireless Guest Setup Guide document

Page 47 figure 46