Cisco Support Community
New Member

Guest Portal Identity Store Sequence

As part of my ISE deployment I have configured the last rule in the Authentication Rules to continue if a user is found in Identity Store Sequence BYOD-USERS.

This Identity store specifies that Active Directory and Guest users should be searched when a user logs in to the Guest Sponsor Portal.

However, at the moment Guest users are working fine and are permitted onto the Guest network once they have authenticated, as part of a corresponding Authorization profile. However, with Active Directory I only want a small subsection of users who can continue once entering in their details. If the user isn't in that particular AD security group they can't progress further from the guest portal.

So my question is: is the identity store sequence, where I have requested that Active Directory be searched, where I can filter which user group can potentially log in? I understand that under the Active Directory Identity store I can specify groups, which I have done, but my question is: can I restrict which groups are searched in the identity store sequence for Active Directory?

Thank you for your help in advance guys.

1 REPLY
Cisco Employee

Guest Portal Identity Store Sequence

Tony,

The way to accomplish this (I think) would be to create another Identity Source. Go to Administration > Identity Management > External Identity Sources. From there, click LDAP from the menu on the left.

[Screenshot: LDAP1.GIF]

Click the +Add button to add an identity source. Bind this connection to the AD server you are currently using. Choose the groups you want to be in the Authorization Profile and then choose the Attributes for the Identity Source:

[Screenshot: LDAP2.GIF]

From here, you MUST use the full LDAP object name for the group to get the list of attributes:

[Screenshot: LDAP3.GIF]

Click Submit, then OK (the dialog might just contain the number 1). Use this new Identity Source in your Identity Source Sequence.

Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.

Charles Moreton
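
Added example, not part of the original thread and not Cisco's code: the reply asks for the group's full LDAP object name (its distinguished name), and this sketch shows a membership check keyed on that full DN, which tells apart same-named groups in different OUs where a CN-only comparison does not. The group names, the example.com directory and the memberOf values are constructed, and the DN parsing is simplified (no multi-valued RDNs).

```python
# Constructed sample data: hypothetical groups in a hypothetical example.com directory.
ALLOWED_GROUP = "CN=Guest-Portal-AD,OU=Security Groups,DC=example,DC=com"
USERS = {  # user -> values of the memberOf attribute
    "alice": ["cn=guest-portal-ad, ou=Security Groups, dc=example, dc=com"],
    "bob": ["CN=Guest-Portal-AD,OU=Contractors,DC=example,DC=com"],
    "carol": ["CN=Staff\\, Temp,OU=Security Groups,DC=example,DC=com"],
}

def split_dn(dn):
    """Split a DN into RDN strings on commas that are not backslash-escaped."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts

def normalize_dn(dn):
    """Return the DN as a tuple of (attribute, value) pairs, trimmed and lower-cased."""
    rdns = []
    for rdn in split_dn(dn):
        attr, _, value = rdn.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return tuple(rdns)

def in_group(member_of, group_dn):
    """True only if one memberOf value equals the group's full DN."""
    wanted = normalize_dn(group_dn)
    return any(normalize_dn(g) == wanted for g in member_of)

def in_group_by_cn(member_of, cn):
    """Weak check shown for contrast: compares the leading CN only."""
    return any(normalize_dn(g)[0] == ("cn", cn.lower()) for g in member_of)

if __name__ == "__main__":
    for user, groups in USERS.items():
        print(user, "full DN:", in_group(groups, ALLOWED_GROUP),
              "CN only:", in_group_by_cn(groups, "Guest-Portal-AD"))
```

Here bob sits in a same-named group under a different OU, so the CN-only check admits him while the full-DN check does not.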
