Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1789
Views
0
Helpful
1
Replies

ISE policy set (Machine+user)

ibrahim_hassan
Level 1
Level 1

‎05-31-2015 06:13 AM - edited ‎03-10-2019 10:46 PM

Is there any way to create authorization rule that combine both machine and user identity groups in one rule?

for example, authorization profile match only if computer in external identity X and username in external identity group Y.

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-31-2015 10:39 AM

Sure, we commonly use EAP chaining to address this use case. Please see "HowTo: EAP Chaining Deployment Configurations" on the ISE Design Guide page. 

Specifically see the section beginning on page 15 which describes:

In this example, these rules will be defined based on the EAP-Chaining results:

• If both user and machine both succeeded

• If user succeeded and machine failed

• No chaining is supported

0 Helpful
Customers Also Viewed These Support Documents