Nested Endpoint Identity Groups - What for?

Arne Bier
VIP

Hello,

I like the idea of creating EIG (Endpoint Identity Groups) in a hierarchical fashion, but I have run into a limitation - wondering if there is a solution for this.

If you create an EIG Hierarchy as follows:

Parent 1
Parent 2

and under each Parent, create a Child 1 Endpoint Identity Group, so that the result looks like this:

Parent 1
  Child 1
Parent 2
  Child 1

then you can create RADIUS Policy Set rules that refer to each Parent:Child relationship (where the semicolon is the delimiter) as

"Parent 1:Child 1"

or

"Parent 2:Child 1"

However, in Context Visibility, you cannot tell who the parent is when an endpoint is assigned as "Child 1" of either parent - that level of granularity is not available. In Context Visibility, you can statically set an EIG, but in the drop-down list, the options appear as 

Child 1
Child 1

No context about the parent. 

In the Context Visibility Browser, you don't see the Parent details either, and even worse, in the CSV import, there is no way to be specific about the exact Parent:Child relationship - you can only specify an EIG name - who knows where the endpoint will be assigned to...

So is it a bug, or just lacking feature support in ISE? Why allow hierarchical nesting of groups, when the implications of using such a feature make it very hard (or pointless) in practice?

Accepted Solutions

Hi @Arne Bier ,

I totally agree!!!

For me it is "just lacking feature support in ISE"... as a workaround, what I do is something like this:

Parent 1
  P1-Child 1
Parent 2
  P2-Child 1

Best regards

Arne Bier
VIP

@Marcelo Morais that's a great workaround - your naming convention allows me to create the hierarchy in "Administration / Identity Management / Endpoint Identity Groups" screen to collapse the Groups under their parents. I like that! Thanks