03-04-2014 01:22 PM - edited 03-10-2019 09:29 PM
Does anyone know if this is possible to use ISE to hand out group policies on the ASA based on AD group, or username?
Solved! Go to Solution.
03-16-2014 08:28 PM
Hi Stephen,
If I am not wrong you would like to push the group-policy name to configure group-lock feature. Yes, this can be done based on the AD (as a condition). Please look at the attached screen shot of how you can define the ASA group on ISE. The same group (case sensitive) should be predefined on the ASA to lock the user of the AD group to that specific group-policy only.
Once you're done with the authorization profile, create a authz rule under policy elements > authorization > create a condition with the AD group you want and select the autorization profile you created as a result in the previous step.
Regards,
Jatin Katyal
*Do rate helpful posts*
03-05-2014 01:50 AM
Refer to BYOD Policy Enforcement using Security Group access from below
03-16-2014 08:28 PM
Hi Stephen,
If I am not wrong you would like to push the group-policy name to configure group-lock feature. Yes, this can be done based on the AD (as a condition). Please look at the attached screen shot of how you can define the ASA group on ISE. The same group (case sensitive) should be predefined on the ASA to lock the user of the AD group to that specific group-policy only.
Once you're done with the authorization profile, create a authz rule under policy elements > authorization > create a condition with the AD group you want and select the autorization profile you created as a result in the previous step.
Regards,
Jatin Katyal
*Do rate helpful posts*
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: