Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1350
Views
5
Helpful
2
Replies

Policy Set: Internal users OR Active directory

Go to solution
wuet
Level 1
Level 1

‎02-07-2022 05:38 AM

Hello together

 

I have different client types, which all authenticates with MsCHAPv2.

 

Some groups of clients has the accounts/passwords stored as internal user in the Cisco ISE, other accounts/passwors are stored in the active directory. 

 

Now I want to make a policyset, where all clients with MsChapV2 first search in the internal store of the ISE. If the users there are not found, it should look in the active directory. 

 

Is it possible to do it like this?

 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
UdupiKrishna
Cisco Employee
Cisco Employee

‎02-07-2022 05:56 AM - edited ‎02-07-2022 05:56 AM

As long as a user is verified against a policy set based on the matched protocol, an identity source sequence with internal store and AD can be used to verify the user in these stores. Provided internal store is the first in the sequence, it will be checked first followed by AD.

View solution in original post

2 Replies 2

Go to solution
UdupiKrishna
Cisco Employee
Cisco Employee

‎02-07-2022 05:56 AM - edited ‎02-07-2022 05:56 AM

As long as a user is verified against a policy set based on the matched protocol, an identity source sequence with internal store and AD can be used to verify the user in these stores. Provided internal store is the first in the sequence, it will be checked first followed by AD.

Go to solution
wuet
Level 1
Level 1
In response to UdupiKrishna

‎02-07-2022 07:47 AM

Perfect, the sequences is what I searched. Thank you very much for your fast answere!

0 Helpful
Customers Also Viewed These Support Documents