Using IdentityGroup as policySet condition

ping2balaji
Level 1

Hi,

I am using ISE-eval version 3.1.

I am new to Cisco ISE and trying to configure a set of authorization profiles for different categories of users such as doctors/nurses.

For this purpose:

1. I have created internal users (identities) and grouped them into User Identity Groups named 'doctors'/'nurses'.

2. Now I have created new conditions under policyElements as: a) IdentityGroup·Name = UserIdentityGroups:doctors and b) IdentityGroup·Name = UserIdentityGroups:nurses.

3. Then I moved on to create a new Policy Set to link an already created authorization-policy and authentication-policy. Under the 'conditions' column, the condition studio pops up, but I cannot see the conditions created in step 2 above. Attached reference screenshot for the same.

May I know if I have missed any steps?

Is it not possible to define a policy set based on identityGroup? If it is not possible, then how can I achieve the same in my case, where I want to apply a different authorization-policy (and ACLs etc.) for different user groups defined internally in Cisco ISE?

Also, if an 'IdentityGroup'-based condition is not used in a policy set, why is it shown as an option while creating conditions? Is it used for some other purpose? Please clarify.

Thanks,

...Balaji

Accepted Solutions

ping2balaji
Level 1

Hi all,

After debugging, it looks like I tried to set the condition in the authN-Policy under the policy set, and hence the identityGroup name match condition was not showing up.

When I tried to configure the authZ-Policy condition, I am able to see the identityGroup name match condition there, which was exactly what I was looking for.

This can be considered answered.

Thanks,

...Balaji.J
