Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
593
Views
0
Helpful
1
Replies

User has multiple ise posture check domains

sangchul
Level 1
Level 1

‎12-12-2022 04:33 PM

Posture check will be applied

1. Posture will be applied differently for each specific group

2. The user is subscribed to multiple user groups

3. Certain posture checks can be duplicated

How does Posture react in this case?

0 Helpful
1 Reply 1

srigovi2
Cisco Employee
Cisco Employee

‎01-05-2023 12:47 AM

Hi Sangchul,

 

As per your assumption if a user-admin is in multiple groups like NOC, SOC team in AD . And both groups are added in ISE using external AD.
Then if you want to check the posture access for the admin user. So if you write an authorization policy as below

 

Policy name

 

COMPLIANCE     Session posture status EQUALS Compliant
                                                       And
                                   AD-external groups EQUALS AD/NOC                         Compliance Access policy - NOC

 

Compliance         Session posture status EQUALS Compliant
                                                        And
 
                               AD-external groups EQUALS AD/SOC                              Compliance Access policy - SOC

 

In this case, the user is in both groups. But as per the first policy execute the first rule. So the user will have access as per the rule -  Compliance Access policy - NOC 
Even though the admin user is in the SOC team also but it will not be executed since the process will be next to the NOC rule. 

 

 

-------------------------------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.

You can also learn more about ISE through our live Ask the Experts (ATXs) session. Check out Cisco ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-endpoint-security-ask-the-experts-resources/ta-p/4394492] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
 

-------------------------------------------------------------

 

Thanks,

G.Srinivasan

0 Helpful
Customers Also Viewed These Support Documents