10-17-2018 06:42 AM - edited 03-11-2019 01:50 AM
Hi Guys,
I am working on ISE 2.2 version. We are regularly adding/removing MAC addresses of phones into ISE endpoints group for authentication purpose.
Can we create one user profile that will have only minimal access to ISE like addition of MAC entries and ISE reporting purpose?
Solved! Go to Solution.
10-17-2018 08:43 AM
You can create a local user in ISE or map an ldap/ad group to the Identity Admin group. This role should have the permissions you want, or close at least.
10-19-2018 02:13 PM - edited 10-19-2018 02:15 PM
Check the following sequence of screenshots, you need an ADMIN GROUP which is related to an AD Group with the limited access to ISE Menu. That Group would be allowed some specific menu options/data. Finally you create a Policy so when you login into ISE the policy is applied and the restricted menu access is applied.
10-17-2018 08:43 AM
You can create a local user in ISE or map an ldap/ad group to the Identity Admin group. This role should have the permissions you want, or close at least.
10-19-2018 02:13 PM - edited 10-19-2018 02:15 PM
Check the following sequence of screenshots, you need an ADMIN GROUP which is related to an AD Group with the limited access to ISE Menu. That Group would be allowed some specific menu options/data. Finally you create a Policy so when you login into ISE the policy is applied and the restricted menu access is applied.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide