cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

466
Views
0
Helpful
1
Replies
MorrisonJ
Beginner

ISE TACACS Authorization Internal User Group

Hi All,

 

I have recently built an ISE 2.7 instance and I am trying to configure TACACS authorization based on the Group the user belongs to. I can do this with an AD (External Identity Store). But when I try to do the same with Internal users and groups I cannot work out how to create the Condition.

 

ISE 27 External Group.JPG

 

I had this working under v2.1.

ISE 21 External Group.JPG

 

When I try in v2.7 the below it removes the text 'NA-FULL' when I try to save it.

ISE 27 Internal Group 1.JPG

 

Any ideas?

 

 

John

1 REPLY 1
Mike.Cifelli
VIP Advocate

Are you unable to select the drop down to search for the group? You should be able to find and reference the proper group via either condition:

-InternalUser:IdentityGroup EQUALS User Identity Groups: <your group>

-IdentityGroupName EQUALS User Identity Groups: <your group>

 

Is it possible the group does not exist? You create internal user groups here: Administration->Identity Management->Groups->User Identity Groups 

Content for Community-Ad