Cisco Bug: CSCvu95524 - ENH : Individual Admin Access login with AD

Last Modified

Jul 20, 2020

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

2.4(0.357) 2.6(0.156) 2.7(0.356)

Description (partial)

Symptom:
++ ISE Admin Access login works with AD only when the AD group is mapped to one of the Admin Groups in ISE.
  - We cannot grant admin access to individual AD users as external users.

++ The information icon ("i") next to the "External" checkbox under Admin Users indicates that this option applies to users authenticating against RSA and RADIUS token external ID stores.

Conditions:
++ Created an Admin user "captain" and mapped it to the SuperAdmin group as an External user.
  - When we then tried to log in using the AD credentials for the "captain" user, the login failed with the error: "Invalid Username or Password. Please try again."
  - This was tested on 2 different ISE servers running 2.4 and 2.7, and the result was the same.

++ This is because, even when the user is mapped as an external user, the group from which the user credentials have to be fetched is unknown.
  - For this to work, you have to map an AD Group to an ISE Admin Group and then map the Authz policies that are required.