
ISE - Limit access to Mydevices?

Leroy Plock
Level 1

Hi all,

We would like to allow only certain users to access the mydevices portal. Ideally we would like only members of a specific active directory group to gain access.

If we set the authentication source to active directory, it allows any AD user in, no good.

I tried using an LDAP connector to AD and setting the Subject Search Base to a certain OU. In testing I found that users who are NOT within this OU are being allowed, I don't understand why.

Question: Can anyone explain why users outside the LDAP OU are being allowed?

Another Question: Can anyone come up with another way to limit access to Mydevices besides using Internal Users? We would rather not use internal users for a number of reasons.

Thanks for any help.

7 Replies

Ravi Singh
Level 7

ISE 1.2 supports that feature. You can limit the devices by ISE itself. Just check the release notes and configuration guide for the same.

Ravi,

Thank you for your reply.

I'm not understanding. We want to limit the users accessing the portal. Not sure how "you can limit the devices by ISE itself" relates.

Also, I looked for a configuration guide describing how to set up mydevices as I'm describing and couldn't find anything. Can you help me out with a URL?

Thank you.

Anas Naqvi
Level 1

Hi Leroy,

To allow an employee to log into the My Devices portal, you must specify an identity store sequence. This sequence is used with the login credentials of an employee to authenticate and authorize the employee for access to the My Devices portal. Cisco ISE includes a default identity store sequence for employees: MyDevices_Portal_Sequence.

Hi Leroy

Did you ever find a solution to this issue?

We have kind of the same scenario where we wish for specific groups to be able to add devices using the portal.

And another group to another device group. I too have been playing with the LDAP method but still unable to get it working.

Cheers

Jimmi

Nope, we gave up and used a workaround. Too bad, would have been nice.

Hi,

Can you please share your workaround? I'm facing the same challenge.