Solved: Re: ISE1.4 external admin access

vchrenek · ‎03-17-2016

Hi Team,

I was testing multiple scenarios for external (AD) admin access. As per Cisco Identity Services Engine Administrator Guide, Release 1.4 - Manage Administrators and Admin Access Policies [Cisc…

we have two types of external admin access:

1. external authentication and external authorization

2. external authentication and internal authorization

First one is clear for me and works without any problem, but I tried to test second one where we don't need to create RBAC policies for external admin groups. Here the problem comes. I am not able to successfully login unless I create RBAC policy with the external identity group as a condition (internal doesn't work). As per the documentation, there is no need to create such policy. I tested this in 1.4 and 2.0 - the same result.

Did I misunderstand something in the documenation or this is new bug?

Thanks,

Veronika

hslai · ‎03-21-2016

I believe this is on a customer case. If so, please contact me offline for further discussions.

External auth with internal authorization is for token-based authentications, such as using RSA.

View solution in original post

vchrenek · ‎03-21-2016

Hi Team,

Anyone experienced the same issue as me?

Thanks,

Veronika

hslai · ‎03-21-2016

I believe this is on a customer case. If so, please contact me offline for further discussions.

External auth with internal authorization is for token-based authentications, such as using RSA.