12-12-2022 04:33 PM
Posture check will be applied
1. Posture will be applied differently for each specific group
2. The user is subscribed to multiple user groups
3. Certain posture checks can be duplicated
How does Posture react in this case?
01-05-2023 12:47 AM
Hi Sangchul,
As per your assumption, if an admin user is in multiple groups in AD, like the NOC and SOC teams, and both groups are added in ISE using external AD, then, to check the posture access for the admin user, suppose you write an authorization policy as below:
Policy name: COMPLIANCE
    Session posture status EQUALS Compliant AND AD-external groups EQUALS AD/NOC
    -> Compliance Access policy - NOC

Policy name: Compliance
    Session posture status EQUALS Compliant AND AD-external groups EQUALS AD/SOC
    -> Compliance Access policy - SOC
In this case, the user is in both groups, but as per the policy, the first rule is executed. So the user will have access as per the rule - Compliance Access policy - NOC.
Even though the admin user is also in the SOC team, that rule will not be executed, since it is processed next after the NOC rule.
-------------------------------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.
You can also learn more about ISE through our live Ask the Experts (ATXs) session. Check out Cisco ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-endpoint-security-ask-the-experts-resources/ta-p/4394492] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-------------------------------------------------------------
Thanks,
G.Srinivasan
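
The first-match behaviour described in the answer above, as an added example that is not part of the original thread and is not ISE code. The rule names and attribute values come from the answer; the data structures, function names and sample sessions are assumptions made for illustration.

```python
# Simplified model of top-down, first-match authorization rule evaluation.
# This is not ISE code: structures and function names are hypothetical.

RULES = [  # evaluated in order, top to bottom
    {"name": "COMPLIANCE",
     "conditions": {"posture": "Compliant", "ad_group": "AD/NOC"},
     "result": "Compliance Access policy - NOC"},
    {"name": "Compliance",
     "conditions": {"posture": "Compliant", "ad_group": "AD/SOC"},
     "result": "Compliance Access policy - SOC"},
]


def rule_matches(rule, session):
    """A rule matches when posture is equal AND the user is in the AD group."""
    cond = rule["conditions"]
    return (session["posture"] == cond["posture"]
            and cond["ad_group"] in session["ad_groups"])


def authorize(session, rules=RULES):
    """Return (applied_result, shadowed_results).

    applied_result is the result of the first matching rule (None if no rule
    matches). shadowed_results lists later rules that also match the session
    but are never reached, which is what happens to a multi-group user.
    """
    matching = [r["result"] for r in rules if rule_matches(r, session)]
    if not matching:
        return None, []
    return matching[0], matching[1:]


# Constructed sample sessions (not taken from any real deployment).
ADMIN = {"user": "admin", "posture": "Compliant",
         "ad_groups": {"AD/NOC", "AD/SOC"}}
SOC_ONLY = {"user": "analyst", "posture": "Compliant",
            "ad_groups": {"AD/SOC"}}
NONCOMPLIANT = {"user": "admin", "posture": "NonCompliant",
                "ad_groups": {"AD/NOC", "AD/SOC"}}

if __name__ == "__main__":
    for s in (ADMIN, SOC_ONLY, NONCOMPLIANT):
        applied, shadowed = authorize(s)
        print(f"{s['user']:8} {s['posture']:13} applied={applied!r} "
              f"shadowed={shadowed}")
```

A non-empty shadowed list flags users whose access depends on rule order rather than on a single group membership.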