Solved: ISE Login Using AD Account

fdharmawan · ‎10-11-2023

Hi Guys,

I have integrated my ISE to AD. Now I want to make my colleagues to login to ISE using their AD credentials. I am following up several documentations:
1. https://www.youtube.com/watch?v=oayotlYeW1E
2. https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/217351-ad-integration-for-cisco-ise-gui-and-cli.html

Both documents said that I should change the authentication type from Internal to the AD. So far I have setup everything but the authentication type, and the login failed. I was about to but became hesitant because of two things:
1. If I change the authentication type to AD, what will happen to the current session? Because I am still testing and my ISE is in production, I'm afraid I cannot perform the rollback
2. If I change the authentication type to AD, can I still use the internal authentication as a backup/failover authentication just in case?
3. Will the SSH login get affected too?

Greg Gibbs · ‎10-11-2023

1. Nothing will happen to the current session. Regardless of the Authentication Type defined, ISE still allows you to select GUI authentication using a local Internal admin account.

2. Yes, as above

3. No. The CLI can be configured separately to use AD, but it has it's own caveats and limitations. See Integrate AD for ISE GUI and CLI Log in

View solution in original post

Greg Gibbs · ‎10-11-2023

1. Nothing will happen to the current session. Regardless of the Authentication Type defined, ISE still allows you to select GUI authentication using a local Internal admin account.

2. Yes, as above

3. No. The CLI can be configured separately to use AD, but it has it's own caveats and limitations. See Integrate AD for ISE GUI and CLI Log in