Cisco ISE and Cisco Secure ACS Parity
Cisco ISE introduces the following features to achieve parity with Cisco Secure ACS.
-
Disable user account if the configured date exceeds a specific period for individual users
-
Disable user account if the configured date exceeds a specific period for all the users globally
-
Disable user accounts after n days of configuration globally
-
Disable user accounts after n days of inactivity
-
Support for IP address range in all the octets for the network device
-
Configuration of network device with IPv4 or IPv6 address
-
Configuration of external proxy servers with IPv4 or IPv6 address
-
Support for maximum length of Network Device Group (NDG) name
-
Support for time and date conditions
-
Support for service selection rules, authentication rules, and authorization (standard and exception) rules with compound conditions having AND and OR operators
-
MAR configuration in Active Directory
-
Authorization profile configured with dynamic attribute
-
Two new values for the service-type RADIUS attribute
-
Increased internal user support for 300,000 users
-
Internal users authorization cache
-
Authenticate internal users against external identity store password
-
Use of length included flag while performing EAP-TLS authentication against a Terminal Wireless Local Area Network Unit (TWLU) client
-
Common Name and Distinguished Name support for Group Name attribute for LDAP Identity Store
For more information on Cisco ISE and Cisco Secure ACS parity features, see Cisco Identity Services Engine 2.1 Administration Guide