Lab Minutes Forum

Technical Discussion => Security => Topic started by: adecisco on September 21, 2013, 11:17:54 PM

Title: Limit ISE AD User Login
Post by: adecisco on September 21, 2013, 11:17:54 PM
MC please a quick one.

How can one ensure single logon for AD users. Situation exist where one users open multiple login session on different computer.

I know with ISE 1.2 guest session can be limited to one single signon but have been looking at corporate users using AD to login.

Thanks.
Title: Re: Limit ISE AD User Login
Post by: MC on September 22, 2013, 11:57:21 AM
That's an interesting question, adecisco. Like you said, you can limit number of concurrent guest login and number of registered device per user but I haven't come across a way to limit number of AD user login. I would think it would have to be a by number of active RADIUS session for the user but I doubt that there is a condition attribute that does this check that you can use.
Title: Re: Limit ISE AD User Login
Post by: adecisco on September 23, 2013, 12:17:00 AM
It was confirm by Cisco that the feature is not available. I keep thinking of way to hack this though!
Title: Re: Limit ISE AD User Login
Post by: MC on September 23, 2013, 09:09:51 AM
Yeah.. I am thinking the same but you would need to keep track of the number of active RADUS session for the user. ISE already have that information, it just need to make it available for us to use.
SimplePortal 2.3.7 © 2008-2024, SimplePortal