Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1347
Views
10
Helpful
2
Replies

username for ISE to add/remove mac addresses entries

Go to solution
Noovi
Level 1
Level 1

‎10-17-2018 06:42 AM - edited ‎03-11-2019 01:50 AM

Hi Guys,

 

I am working on ISE 2.2 version. We are regularly adding/removing MAC addresses of phones into ISE endpoints group for authentication purpose.

Can we create one user profile that will have only minimal access to ISE like addition of MAC entries and ISE reporting purpose?

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎10-17-2018 08:43 AM

You can create a local user in ISE or map an ldap/ad group to the Identity Admin group. This role should have the permissions you want, or close at least. 

 

idadmin.JPG

View solution in original post

Go to solution
ajc
Level 7
Level 7

‎10-19-2018 02:13 PM - edited ‎10-19-2018 02:15 PM

Check the following sequence of screenshots, you need an ADMIN GROUP which is related to an AD Group with the limited access to ISE Menu. That Group would be allowed some specific menu options/data. Finally you create a Policy so when you login into ISE the policy is applied and the restricted menu access is applied.

 

pic3.pngpic4.pngpic1.pngpic2.png

View solution in original post

2 Replies 2

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎10-17-2018 08:43 AM

You can create a local user in ISE or map an ldap/ad group to the Identity Admin group. This role should have the permissions you want, or close at least. 

 

idadmin.JPG

Go to solution
ajc
Level 7
Level 7

‎10-19-2018 02:13 PM - edited ‎10-19-2018 02:15 PM

Check the following sequence of screenshots, you need an ADMIN GROUP which is related to an AD Group with the limited access to ISE Menu. That Group would be allowed some specific menu options/data. Finally you create a Policy so when you login into ISE the policy is applied and the restricted menu access is applied.

 

pic3.pngpic4.pngpic1.pngpic2.png

Customers Also Viewed These Support Documents