08-07-2013 02:17 PM - edited 03-10-2019 08:44 PM
Hi all,
We would like to allow only certain users to access the mydevices portal. Ideally we would like only members of a specific Active Directory group to gain access.
If we set the authentication source to Active Directory, it allows any AD user in, no good.
I tried using an LDAP connector to AD and setting the Subject Search Base to a certain OU. In testing I found that users who are NOT within this OU are being allowed; I don't understand why.
Question: Can anyone explain why users outside the LDAP OU are being allowed?
Another Question: Can anyone come up with another way to limit access to Mydevices besides using Internal Users? We would rather not use internal users for a number of reasons.
Thanks for any help.
08-07-2013 10:07 PM
ISE 1.2 supports that feature. You can limit the devices by ISE itself. Just check the release notes and configuration guide for the same.
08-08-2013 09:10 AM
Ravi,
Thank you for your reply.
I'm not understanding. We want to limit the users accessing the portal. Not sure how "you can limit the devices by ISE itself" relates.
Also, I looked for a configuration guide describing how to set up mydevices as I'm describing and couldn't find anything. Can you help me out with a URL?
Thank you.
09-26-2013 09:55 PM
Hi Leroy,
To allow an employee to log into the My Devices portal, you must specify an identity store sequence. This sequence is used with the login credentials of an employee to authenticate and authorize the employee for access to the My Devices portal. Cisco ISE includes a default identity store sequence for employees: MyDevices_Portal_Sequence.
03-13-2017 12:49 PM
Hi Leroy
Did you ever find a solution to this issue?
We have kind of the same scenario where we wish for specific groups to be able to add devices using the portal.
And another group to another device group. I too have been playing with the LDAP method but still unable to get it working.
Cheers
Jimmi
04-14-2017 11:55 AM
Nope, we gave up and used a workaround. Too bad, would have been nice.
11-01-2017 04:24 AM
Hi,
Can you please share your workaround? I'm facing the same challenge.
03-13-2018 07:23 AM
This workaround does the trick: https://communities.cisco.com/docs/DOC-64526?mobileredirect=true