03-24-2015 08:39 AM - edited 03-10-2019 10:34 PM
So we all know we can leverage identity groups in authorization policy, can we leverage two of them ? I tried building a compound condition that uses an identity group (MAB) along with another identity group (User) and can not get the policy to hit..Thoughts?
03-24-2015 01:36 PM
Hi Ben,
Have you tried modifying the AuthZ policy directly and under the conditions section, choose an Endpoint Identity Group as well as a User Identity Group? I was able to do this in ISE 1.2.
03-24-2015 05:30 PM
I doubt that, as far as i can tell with ISE, when you are being authenticated either by mab or by a user/pass with ex PEAP, your identity is established as either, not both, and the identity is what gets compared to identity groups.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: