Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5386
Views
0
Helpful
3
Replies

Read only acceess Account creation on ISE

Go to solution
wajid_dabir
Level 1
Level 1

‎07-11-2016 09:03 AM - edited ‎03-10-2019 11:55 PM

Hi Team,

As per my network team, we can't create a read only account in ISE server to access all registered node? Is it true?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
kthiruve
Cisco Employee
Cisco Employee
In response to Steven Williams

‎09-12-2018 01:15 PM

Please see this earlier community post that will give you information how to use this feature.

https://community.cisco.com/t5/policy-and-access/read-only-web-access-to-ise-nodes/td-p/2327124

 

-Krishnan

View solution in original post

0 Helpful
3 Replies 3

Go to solution
agapitca19
Level 1
Level 1

‎07-14-2016 07:00 PM

wajid_dabir,

Try this.

Administration>System>Admin Access>Administrators>Admin Groups>If it's an External Group like Active Directory, click the "+" sign, select the AD security group of the users OR if it's internal users, under Member Users add the user.

In Administration>System>Admin Access>Authentication>Identity Source:Select your choice(AD Group or Internal)

Authorization>Permissions>Menu Access>Click the checkbox of Menu Access that's closest to your requirement for read access>Select Duplicate>Rename the duplicate OR you may duplicate a Menu Access that has a higher level of Menu Access>Rename the duplicate>Click the renamed Menu Access>Edit it which are to be shown and hidden.

Authorization>Permissions>Data Access>Click the checkbox of Data Access that's closest to your requirement for read access>Select Duplicate>Rename the duplicate OR you may duplicate a Data Access that has a higher level of Data Access>Rename the duplicate>Click the renamed Data Access>Edit it which are to be shown and hidden.

Authorization>Permissions>Policy>Click Actions of any Rule Name>Duplicate>Rename the duplicate>If=click the "+" sign, select the user group(Internal or AD)>then=click the "+" sign, select the Menu and Data Access that you have created above>Save>Test it.

HTH.

***Please rate and mark the comment correct if you find it helpful.Thanks***

0 Helpful

Go to solution
Steven Williams
Level 4
Level 4
In response to agapitca19

‎09-11-2018 02:18 PM

does this work? I have read there is no read only account that can be done with ISE.

0 Helpful

Go to solution
kthiruve
Cisco Employee
Cisco Employee
In response to Steven Williams

‎09-12-2018 01:15 PM

Please see this earlier community post that will give you information how to use this feature.

https://community.cisco.com/t5/policy-and-access/read-only-web-access-to-ise-nodes/td-p/2327124

 

-Krishnan

0 Helpful
Customers Also Viewed These Support Documents