cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

587
Views
0
Helpful
4
Replies
manvik
Beginner

ISE Internal user disabled

I am running around a strange issue. My ISE internal users gets disabled automatically in 24 hours. 

All the users are TACACS users. They change the password from a network device and it works, but after 24 hours the same user gets disabled.

 

This user does not get disabled if I change the password directly from ISE admin GUI.

4 REPLIES 4
Amine ZAKARIA
Beginner

Hello @manvik

 

Go to Administration -> Identity Management -> Settings -> User Authentication Settings

 

in the password policy tab uncheck "Disable user account after":

 

passlifetime.JPG

 

And verify Account disable policy tab :

Acc disable policy.JPG

 

"Disable User account after" is set to 30 days to meet compliance and audit purpose. 

my doubt is why does account gets auto disabled after 24 hours of self password change.

As far as i know because the password did not get changed in that specific delay from 1 to 30.

Uncheck the box, save and check the box again of "Disable User account after" and wait for the 24h.

 

Or you can check BugSearch 

 

If the same behavior occurs, you can open a TAC case.

 

Hope that helps.

hslai
Cisco Employee

Copying from the on-box page-level help,

Check the Disable account after n days of account creation or last enable check box and enter the number of days. This option disables the user account when the account creation date or last access date exceeds the specified number of days. Administrators can manually enable the disabled user accounts, which reset the number of days count.

That means, it's expected to disable the user account after n days.

Please use the options in the Password Lifetime section, instead.

Note that, if the enable password configured for an internal user, then that also needs updated within the configured password lifetime.

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube