10-11-2023 08:01 PM
Hi Guys,
I have integrated my ISE with AD. Now I want my colleagues to log in to ISE using their AD credentials. I am following several documents:
1. https://www.youtube.com/watch?v=oayotlYeW1E
2. https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/217351-ad-integration-for-cisco-ise-gui-and-cli.html
Both documents said that I should change the authentication type from Internal to the AD. So far I have set up everything but the authentication type, and the login failed. I was about to but became hesitant because of two things:
1. If I change the authentication type to AD, what will happen to the current session? Because I am still testing and my ISE is in production, I'm afraid I cannot perform the rollback.
2. If I change the authentication type to AD, can I still use the internal authentication as a backup/failover authentication just in case?
3. Will the SSH login get affected too?
10-11-2023 09:37 PM
1. Nothing will happen to the current session. Regardless of the Authentication Type defined, ISE still allows you to select GUI authentication using a local Internal admin account.
2. Yes, as above
3. No. The CLI can be configured separately to use AD, but it has its own caveats and limitations. See Integrate AD for ISE GUI and CLI Log in