Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
538
Views
0
Helpful
2
Replies

How to deny 1 AD Group wireless access

Go to solution
nduckett2
Level 1
Level 1

‎05-21-2018 09:26 AM

Hello all,

I am new to ISE and only have an eval license.  I am attempting to restrict access from a particular AD group from connecting to the wireless.

I am at the authorization policy, but do not see AD groups as a condition.  Do I need to make all the users of the AD group a User Identity Group first?  If so, is there a way to import this list from AD?

If I'm over complicating this, please let me know, but I haven't found anything specifically on this.

Thanks,

Nick

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎05-21-2018 09:50 AM

Basically, three steps:

  1. Join ISE to AD
  2. Add AD Groups to ISE
  3. Select the group condition in an authZ rule of a policy set.

Attached is a screen capture with ISE 2.4 showing the above steps.

Video Link : 17050

View solution in original post

0 Helpful
2 Replies 2

Go to solution
hslai
Cisco Employee
Cisco Employee

‎05-21-2018 09:50 AM

Basically, three steps:

  1. Join ISE to AD
  2. Add AD Groups to ISE
  3. Select the group condition in an authZ rule of a policy set.

Attached is a screen capture with ISE 2.4 showing the above steps.

Video Link : 17050

0 Helpful

Go to solution
nduckett2
Level 1
Level 1
In response to hslai

‎05-21-2018 10:05 AM

Not only was that a very prompt response, it was very detailed and accurate.

The issue I was facing was nothing was populating in the left hand side of the conditions field when I selected "user identity group" I would not have known to click on the right hand side if not for this video.

Thank you very much!

-Nick

0 Helpful
Customers Also Viewed These Support Documents