Alex_Shpilman
Contributor

Identity Collector pxGrid parsing issue

Hi,

I have Identity Collector integrated with AD and Cisco ISE.

The users' information coming from AD is based on logon names, while ISE pxGrid is based on UPNs.

When the users' information from ISE is passed to the secure gateway, it can't find a match in AD.

For O365 compatibility, the UPNs are equal to the email addresses, while the logon names are in a different format so the IDC alias feature can't resolve the issue.

Is there a way to change the method IDC parses the bulk connection table downloaded from Cisco ISE?

Any other ideas?

I logged a TAC case and was advised to change the IDC UserLoginAttr using GuiDBEdit under the relevant gateway, which didn't make any difference. 

Thanks!

PhoneBoy
Admin

What do you think @Royi_Priov ?

Royi_Priov
Employee

Hi,

Please share the TAC SR details.

Do your username representations match the latest sentence in sk149854?

Thanks,

Royi.

Thanks,
Royi Priov
Group manager, Identity Awareness R&D

Alex_Shpilman
Contributor

Hi Royi,

I will send you a message with the SR details.

However, the last scenario is exactly the situation I've got.

I will perform some testing and let you know the results.

Thanks for your help!

Alex_Shpilman
Contributor

The CustomLoginAttr works as expected, I just had to change the string to the below:

|(sAMAccountName=<<>>)(UserPrincipalName=<<>>@mydomain.com)

I had to add the domain to the query as it's being stripped off by the Identity Collectors. I am wondering if this behavior can be amended.

This wouldn't work if we had UPNs from multiple domains, but luckily this is not the case.

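A small model of the lookup described in the post above, added here as an illustration; it is not Check Point code and not part of the thread. It assumes `<<>>` is replaced with the username after the collector has stripped the domain, uses a constructed directory, and its function names are hypothetical. It shows the multi-domain limitation the poster mentions and that an OR filter can return more than one entry.

```python
import re

# Filter string quoted from the post; "<<>>" is assumed to be replaced by the
# username the Identity Collector reports after it strips the domain.
TEMPLATE = "|(sAMAccountName=<<>>)(UserPrincipalName=<<>>@mydomain.com)"

# Constructed directory entries (not from the thread); keys are lowercased
# because LDAP attribute names are case-insensitive.
DIRECTORY = [
    {"samaccountname": "jsmith01", "userprincipalname": "john.smith@mydomain.com"},
    {"samaccountname": "adoe02", "userprincipalname": "anna.doe@mydomain.com"},
    {"samaccountname": "anna.doe", "userprincipalname": "anna.contractor@mydomain.com"},
    {"samaccountname": "bkim03", "userprincipalname": "bo.kim@other.example"},
]

def strip_domain(identity):
    """Model the behaviour reported in the post: keep only the part before '@'."""
    return identity.split("@", 1)[0]

def expand(template, username):
    """Substitute the username, refusing LDAP filter metacharacters (RFC 4515)."""
    if not username or re.search(r"[()*\\\x00]", username):
        raise ValueError(f"unsafe username for filter: {username!r}")
    return template.replace("<<>>", username)

def clauses(expanded):
    """Split '|(attr=value)(attr=value)' into lowercase (attr, value) pairs."""
    pairs = re.findall(r"\(([^=()]+)=([^()]*)\)", expanded)
    return [(attr.lower(), value.lower()) for attr, value in pairs]

def lookup(identity, template=TEMPLATE, directory=DIRECTORY):
    """Return the logon names of every entry matching any clause (OR semantics)."""
    wanted = clauses(expand(template, strip_domain(identity)))
    return [entry["samaccountname"] for entry in directory
            if any(entry.get(attr, "").lower() == value for attr, value in wanted)]

if __name__ == "__main__":
    # A UPN from pxGrid, a logon name from AD, a UPN in a second domain,
    # and a UPN whose local part equals another user's logon name.
    for identity in ("john.smith@mydomain.com", "jsmith01",
                     "bo.kim@other.example", "anna.doe@mydomain.com"):
        print(f"{identity:28} -> {lookup(identity)}")
```
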
Royi_Priov
Employee

That's great!

I'm happy to understand it's now working.

Thanks,

Royi.

Thanks,
Royi Priov
Group manager, Identity Awareness R&D