cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
165
Views
2
Helpful
5
Replies

Change username when users are synced with Cisco ISE

dominikl
Level 1
Level 1

Hi,

We want to sync the Users in DUO with the new function offered in Cisco ISE 3.3.
Configure ISE 3.3 Native Multi-factor Authentication with Duo - Cisco

This is working properly, the connection works and users are synced. The only problem we are facing is that in the past (with AD integration to DUO) we could define that the "userPrincipalName" is used as username. With the new solution it is using the "sAMAccountName". 

We can change the username manually for each user, but with the next sync the user is added an additional time with the "sAMAccountName".

Is there a way that the username is changed automatically when the users are synced?

1 Accepted Solution

Accepted Solutions

@dominikl I talked to someone on the ISE team and they confirmed the username source attribute in their sync is hardcoded to sAMAccountName.

I think you can contact TAC or your Cisco account team if you'd like to submit this as a feature enhancement to ISE (based on the answers in this post https://community.cisco.com/t5/network-access-control/ise-feature-requests/td-p/3685837).

Duo, not DUO.

View solution in original post

5 Replies 5

Thanks for this suggestion, but the steps in that article are not relevant to the ISE API integrations.

Duo, not DUO.

DuoKristina
Cisco Employee
Cisco Employee

The ISE sync was developed by ISE, not by Duo, and does not exactly replicate options available in Duo's own directory sync.

I'm not aware of a way to change the source attribute for usernames in the ISE sync. You might want to ask in the ISE forum here https://community.cisco.com/t5/network-access-control/bd-p/discussions-network-access-control, or contact TAC to raise a support case for ISE.

ETA I see the official ISE product documentation for releases 3.3 and 3.4 does specify sAMAccountName is used as the source username attribute and does not mention the ability to select an alternate.

Duo, not DUO.

@dominikl I talked to someone on the ISE team and they confirmed the username source attribute in their sync is hardcoded to sAMAccountName.

I think you can contact TAC or your Cisco account team if you'd like to submit this as a feature enhancement to ISE (based on the answers in this post https://community.cisco.com/t5/network-access-control/ise-feature-requests/td-p/3685837).

Duo, not DUO.

@DuoKristina Thank you for your response and checking with our colleagues from the ISE Team. I will create a feature enhancement request for ISE to add this feature. 

Quick Links