Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6483
Views
0
Helpful
2
Replies

ISE to assign group policies on ASA

Go to solution
Stephen Brady
Level 1
Level 1

‎03-04-2014 01:22 PM - edited ‎03-10-2019 09:29 PM

Does anyone know if this is possible to use ISE to hand out group policies on the ASA based on AD group, or username?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee

‎03-16-2014 08:28 PM

Hi Stephen,

If I am not wrong you would like to push the group-policy name to configure group-lock feature. Yes, this can be done based on the AD (as a condition). Please look at the attached screen shot of how you can define the ASA group on ISE. The same group (case sensitive) should be predefined on the ASA to lock the user of the AD group to that specific group-policy only.

Once you're done with the authorization profile, create a authz rule under policy elements > authorization > create a condition with the AD group you want and select the autorization profile you created as a result in the previous step.

 

Regards,

Jatin Katyal

*Do rate helpful posts*

 

~Jatin

View solution in original post

Preview file
168 KB
0 Helpful
2 Replies 2

Go to solution
Saurav Lodh
Level 7
Level 7

‎03-05-2014 01:50 AM

Refer to BYOD Policy Enforcement using Security Group access from below

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide/BYOD_Policy.html

0 Helpful

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee

‎03-16-2014 08:28 PM

Hi Stephen,

If I am not wrong you would like to push the group-policy name to configure group-lock feature. Yes, this can be done based on the AD (as a condition). Please look at the attached screen shot of how you can define the ASA group on ISE. The same group (case sensitive) should be predefined on the ASA to lock the user of the AD group to that specific group-policy only.

Once you're done with the authorization profile, create a authz rule under policy elements > authorization > create a condition with the AD group you want and select the autorization profile you created as a result in the previous step.

 

Regards,

Jatin Katyal

*Do rate helpful posts*

 

~Jatin
Preview file
168 KB
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents