05-30-2016 11:31 PM
Hello,
can i add a specific identity group as an identity source in the authentication policy ?
for example can i force ise in the authentication policy to authenticate only form specific AD group or specific local identity group ?
the current scenario that guests created by sponsors added to an identity group called "Guest-type Students" so can i use this group in the identity source sequence in the authentication policy ?
Solved! Go to Solution.
05-31-2016 07:31 AM
You would actually use the authorization policy to call this out.
Check out the example in the ISE Wireless Guest Setup Guide document
Page 47 figure 46
05-31-2016 04:31 AM
Hi,
Yes you can make your ISE authenticate based on a specific AD group, for that you will have to create rules with condition pointing as to which group you want to use.
For your third question, when the guests are created by sponsors, they get added to a group called "Guest-type Students" : well, this group is not gonna be created in your AD FYI, but you can still authenticate based on this particular group, you just have to create your Rule with the IF condition. In your rule, expand IF drop down box > User identity group and select the "Guest-type Students" group.
Regards.
05-31-2016 07:31 AM
You would actually use the authorization policy to call this out.
Check out the example in the ISE Wireless Guest Setup Guide document
Page 47 figure 46
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide