cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1992
Views
15
Helpful
4
Replies

SDA user with multiple SGT

ivan.yeung
Level 1
Level 1

Hi,

i just wonder if SDA is able to match a user with multiple SGT? the deployment guide assume a user only carry one SGT?

Regards,

Ivan

1 Accepted Solution

Accepted Solutions

Greg Gibbs
Cisco Employee
Cisco Employee

An IP address (endpoint/user) can only be associated with a single SGT at one time. There is no capability to 'stack' SGTs.

View solution in original post

4 Replies 4

Greg Gibbs
Cisco Employee
Cisco Employee

An IP address (endpoint/user) can only be associated with a single SGT at one time. There is no capability to 'stack' SGTs.

Hi Greg,

so the only way is create a bigger SGT group that covers different smaller SGT groups and assign that user in?

Regards,

Ivan

hi ivan,

 

what is the use case of this?

 

if the user is admin or something then you can have one SGT and allow the access?

 

the IP address will be assigned from first rule he hits in the cisco ise.

hi  saxenanitesh8522,

say

User A is IT Manager which allow access IT resources and he/she is also a Project Manager of Project A, Project B.

User B is IT admin which allow access IT resources.

User C is a employee and a member of Project A.

User D is a employee and a member of Project B.

 

So i need to create another SG for User A instead of just put User A in IT resource+Project A+ Project B 's Group?