
Cisco ISE and Remote Access VPN question

Will Kerr
Level 1

Company Acme wants to use ISE to authenticate against their VPN. They have different connection profiles for different access. They don’t use the dropdown; they use the URL.

 

  • Acme.com/pci
  • Acme.com/it
  • Acme.com/users
  • Acme.com/facilities

We have three test users

User1:

Memberof: pci, it, users

User2:

Memberof: facilities, users

User3:

Memberof: users, it

 

I don’t think we can break out connection profiles in ISE, so how would we make sure this works?

If User3 connects to acme.com/it, how do we make sure he gets the IT access rather than user?

If User2 connects to acme.com/user how do we make sure he gets user privilege rather than facilities?

In the past I've used NPS and I haven't had the issue of overlapping groups like this. 

Thanks!
