We know Cisco ISE amazingly supports network devices administration through TACACS+ protocol which allows granting different access levels and managing what command sets could be run in each level. However, this feature requires an additional license called Device Administration to be installed on ISE. TACACS+ has a few advantages over RADIUS when it comes to devices administration. However, in some small/medium environments having different admins access levels might not be required, and the only requirement would be just to give privilege level 15 to all admins that are in a specific AD group. Now the question is, can we accomplish this with ISE without having the device administration through TACACS+ feature enabled?! let’s find out this together! 🙂