Solved: SDA user with multiple SGT

ivan.yeung · ‎12-08-2021

Hi,

i just wonder if SDA is able to match a user with multiple SGT? the deployment guide assume a user only carry one SGT?

Regards,

Ivan

Greg Gibbs · ‎12-08-2021

An IP address (endpoint/user) can only be associated with a single SGT at one time. There is no capability to 'stack' SGTs.

Greg Gibbs · ‎12-08-2021

An IP address (endpoint/user) can only be associated with a single SGT at one time. There is no capability to 'stack' SGTs.

ivan.yeung · ‎12-08-2021

Hi Greg,

so the only way is create a bigger SGT group that covers different smaller SGT groups and assign that user in?

Regards,

Ivan

saxenanitesh8522 · ‎12-09-2021

hi ivan,

what is the use case of this?

if the user is admin or something then you can have one SGT and allow the access?

the IP address will be assigned from first rule he hits in the cisco ise.

ivan.yeung · ‎12-09-2021

say

User A is IT Manager which allow access IT resources and he/she is also a Project Manager of Project A, Project B.

User B is IT admin which allow access IT resources.

User C is a employee and a member of Project A.

User D is a employee and a member of Project B.

So i need to create another SG for User A instead of just put User A in IT resource+Project A+ Project B 's Group?