Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1508
Views
5
Helpful
2
Replies

Multi-tenant admin group for ISE platform

vidave
Cisco Employee
Cisco Employee

‎12-20-2018 06:46 PM

Hi Team,

Customer using 2.3P5 version, Currently it only supports single tenancy (ie. Single Admin group). Customer looking at migrating four different networks to this platform and there may be a requirement to have the different operational groups managing their own four network.

What’s the current Roadmap for the ISE Platform? 

Thank you,

Regards,

Dave Viral

+6 470254746

 

0 Helpful
2 Replies 2

Arne Bier
VIP
VIP

‎12-20-2018 09:10 PM

You'll have a hard time getting roadmap information on this forum - best to reach out internally to the ISE PM.

 

Has your customer considered using RBAC?  You can create some Data Access restrictions that will ensure that only the right people can edit their allowed devices.

 

It doesn't seem possible to HIDE the non-allowed devices - but you can enforce adds/changes to be made.

e.g. below the user group member can only edit the devices that are in location IPTEL-LOCATION-MILTON

If they try editing any other devices they get a GUI error.

 

It's not perfect, but potentially useful.  You can hide menu items though - but in a multi-tenanted environment the data hiding is probably more important. It seems like a bug to me that you can specify "No access" to ertain data elements, but ISE will still display the data. 

 

 

RBAC.PNG

0 Helpful

hslai
Cisco Employee
Cisco Employee

‎12-21-2018 06:27 PM

This is possible but with some limitation -- See CSCvb55884

Customers Also Viewed These Support Documents