Showing results for 
Search instead for 
Did you mean: 

Machine +User Auth for windows endpoint autheticating through ISE





This document discuss about machine + user end point authentication using ISE.


Is there any way to use machine + user authentication  at same time when authenticating Windows machine through ISE.  In Windows native supplicant there is option as

1) Machine OR user Auth

2) User Authentication

3) Machine Authentication

4) Guest authentication


You want to give more privileged access to endpoints where they are joined to AD domain AND the user is logged in using AD credentials.

Is there any way to achieve this functionality.




There is one way to achieve Machine+User authentication through ISE.


Prerequisites:  For windows 7 machine, please select “User or computer Authentication “ in authentication method ( Not applicable to Windows Xp)


You need to create two rules in Authorization policy as below


1st Rule  :     


iselabin.local:ExternalGroups==Domain  Computers


With the 1st rule , machine will get authorized access when machine boots up ( Before user enters his credentials)


2nd Rule:


Network Access:WasMachineAuthenticated ==True




iselabin.local:ExternalGroups==Domain Users


User will enter credentials and he will get authorized access because of  2nd Rule.Please find attached screen shot







1.) ISE release notes

2.) Anyconnect deployment




This document was generated from the following discussion: Machine +User Auth for windows endpoint authenticating through ISE


Thanks For this greatfull document , But i have an issues With My Wireless Employee Connexion (802.1X EAP connexion ) .

When user are on wired connexion and then come to wireless employee on XP or Seven the name of the machine is not automaticaly sent ti ISE in the 802.1x message. I Have to restart the machine to thave the machine name sent in the 802.1x Message .

Is this normal ? Is there any parameter to have the name of the machine sent auromaticaly on the wireless!!!!

Thanks for the support


Hi Boris,

Thanks for the appreciation for the document. Regarding the problem you are facing you can open a discussion where you can get help easily. I will also look for your querry.


Anim Saxena

Technical Community Manager: Network Security