03-24-2015 08:39 AM - edited 03-10-2019 10:34 PM
So we all know we can leverage identity groups in authorization policy, can we leverage two of them ? I tried building a compound condition that uses an identity group (MAB) along with another identity group (User) and can not get the policy to hit..Thoughts?
03-24-2015 01:36 PM
Hi Ben,
Have you tried modifying the AuthZ policy directly and under the conditions section, choose an Endpoint Identity Group as well as a User Identity Group? I was able to do this in ISE 1.2.
03-24-2015 05:30 PM
I doubt that, as far as i can tell with ISE, when you are being authenticated either by mab or by a user/pass with ex PEAP, your identity is established as either, not both, and the identity is what gets compared to identity groups.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide