Thursday, October 7, 2021

Utilizing a SAN field on a Client Certificate to identify a dynamic ACL to apply - Cisco ISE

Hi all, just wondering if anyone knows if the title is feasible. Essentially we are attempting to deploy a certificate to client devices (using Intune), but with different access levels per device. We have had an idea whereby we will use a SAN field to enter information that ISE will then read, and then apply the relevant DACL.

I'm aware ISE does read the SAN fields of certificates, but I'm curious to know if I can create some form of Authorization Policy/Result that would be able to apply the DACL as required.


