Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
514
Views
0
Helpful
2
Replies

Passive ID - Security Group Tags

michaellperrin
Level 1
Level 1

‎12-01-2016 11:34 AM - edited ‎03-11-2019 12:16 AM

I'm looking to replace my CDA with ISE for transparent user auth for our WSA.

The thing that I'm seeing is when I want to add users and groups to an access policy, I cannot add AD Groups like I can with the CDA setup. I can only use SGT's.  That's fine for wireless users who auth with dot1x because I can add the SGT based on AD group.

For wired users not using dot1x passive ID maps the user to the IP, and If I add the username to the access policy on the WSA it works, however these users don't have a SGT. Is there anyway to add a SGT to an AD group? Or anyway to make a policy on the WSA using an AD group with PassiveID and ISE?

Labels:
0 Helpful
2 Replies 2

Not applicable

‎07-19-2017 07:22 AM

Hello,

i have same problem, you solved this?

thanks

0 Helpful

michaellperrin
Level 1
Level 1
In response to

‎07-19-2017 07:49 AM

I heard it's coming to WSA, but not yet supported.

0 Helpful
Customers Also Viewed These Support Documents