ISE TACACS Authorization Internal User Group - Cisco Community

1409

Views

0

Helpful

1

Replies

Hi All,

I have recently built an ISE 2.7 instance and I am trying to configure TACACS authorization based on the Group the user belongs to. I can do this with an AD (External Identity Store). But when I try to do the same with Internal users and groups I cannot work out how to create the Condition.

I had this working under v2.1.

When I try in v2.7 the below it removes the text 'NA-FULL' when I try to save it.

Any ideas?

John

1 Reply 1

Are you unable to select the drop down to search for the group? You should be able to find and reference the proper group via either condition:

-InternalUser:IdentityGroup EQUALS User Identity Groups: <your group>

-IdentityGroupName EQUALS User Identity Groups: <your group>

Is it possible the group does not exist? You create internal user groups here: Administration->Identity Management->Groups->User Identity Groups

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community

Review Cisco Networking for a $25 gift card