Forum Discussion
DRJ
Altocumulus
May 23, 2019I've used AD group membership for this, but I'm guessing you already have admin auth working?
On the F5, create your F5 Remote Role Group (specify attribute string eg: F5-LTM-User-Info-1=monitoring) and the required Assigned Role level.
In ISE, add a rule in the Auth policy in the relevant Device Admin Policy Set. Match the device/AD user group, create your command set/shell profile as needed (create and match custom attribute to attribute string created for F5 Remote Role Group).
If I recall correctly I think that's pretty much all that's needed, but I could be forgetting something.