Lab Minutes Forum
Technical Discussion => Security => Topic started by: danimax on February 06, 2014, 01:26:35 AM
-
Hello Forum.
I have a problem with authentication on ISE. We don't want a scenario whereby a credential can be used more than once to authenticate with ISE.
For example.
User A authenticate with ISE with usename : danimax.
Username "danimax credential" should not be used by any other person while user A is still Online.
We want 1 credential for 1 person.
-
For local and AD user, I do not believe there is a way to do that. For guest, you can limit one session per guest user but the subsequent login will disconnect the previous user which still is not what you are looking for. See below for an excerpt from the SIE 1.2 user guide.
Restricting Guests to One Active Network Session
You can restrict guests to having only one device connected to the network at a time. When guests attempt to connect with a second device, the currently-connected device is automatically disconnected from the network.
This is a global setting affecting all Guest portals.
Step 1 Choose Administration > Web Portal Management > Settings > Guest > Portal Policy.
Step 2 Check the Allow only one guest session per user option.
Step 3 Click Save.
-
As MC has noted as at ISE 1.2 for AD credential is not possible except we find a way of hacking it but I have try that. But guest service can limit session.
I think this feature is doable if cisco want to go for it.
Dan we have already talk over this.
-
Since ISE already have all the active session and user information, you would think it shouldn't be difficult to block subsequent login based on number of current session. Hopefully Cisco comes out with this in the future release.