09-13-2017 12:28 PM
Does ISE have the ability to restrict a user login to one device across a distributed ASA environment? The user can log in to ASA-1 with a laptop, but they cannot then log in to ASA-2 with their iPad. I know we can support this on the ASA and it looks like it's supported in ACS. Customer is asking as it's something they need to comply with as part of their FedRAMP requirements.
09-13-2017 12:56 PM
If referring to maximum concurrent sessions, an ACS parity feature, please see Configure Maximum Concurrent User Sessions on ISE 2.2 - Cisco
09-27-2017 04:40 PM
Thank you, hslai. Can you confirm that this will work if a customer is using ISE to authenticate users for both Clientless and AnyConnect? Example: if User-A connects to the clientless portal, they should be unable to log in with AnyConnect.
09-28-2017 03:14 PM
I believe it would work if using two different client devices and each at a different location. If either the same client or presenting the same calling station ID, then they are likely treated as the same session.