Changelog

0.3.0 May 22, 2026

Tested versions: link

Add support for TrustSec Multiple Matrices (requires Cisco ISE 3.4 Patch 2 or above)
Add support for extended policy condition nesting from 3 to 7 levels (1 root + 6 nested children) for all 12 Network Access and Device Admin policy resources
Add automatic profiler profile ID lookup for EndPointPolicy conditions in authorization rules
Fix issue with missing certificate_authentication_profile field in identity source sequences when field is not defined in YAML
Add support for network device group references in TrustSec IP-SGT mappings and mapping groups with proper ID resolution
Add support for network device references in TrustSec IP-SGT mappings and mapping groups with proper ID resolution
Add deploy target resolution that selects between network devices (ND), network device groups (NDG), or all devices (ALL) based on deploy_type attribute in IP to SGT mapping and IP to SGT mapping groups
Add support for network access dictionary attributes
Fix support for custom network device group type names using single-segment path
Fix issue with circular condition references causing failures on fresh deployments
Fix issue with policy set rule ranking when Default policy set is used

Tested versions: link

Fix Certificate Authentication Profile defaults and add proper support for username_from: UPN mode with Active Directory
BREAKING CHANGE: Active Directory groups field now requires object format with name field instead of string format
Add support for adding AD groups using name and SID without domain join and lookup
Fix issue where *_eap_tls_auth_of_expired_certs attributes in allowed protocols were incorrectly set to false instead of null when parent EAP-TLS method is disabled, causing ISE API validation errors (PEAP, EAP-FAST, TEAP)
Add support for optional Active Directory join operation with join_domain flag, allowing creation of join points and addition of groups without executing join
Add support for automatic TrustSec policy push (SGTs, SGACLs, and egress matrix) to network devices with configurable push_mode (AUTO/DISABLED)
Add support for shell profile av-pairs under authorization profiles

Tested versions: link

Fix issue with Cisco AV pairs not working properly within an authorization profile
Fix issue with incorrect merging of authorization rules

Tested versions: link

Tested versions: link

Fix issue with unordered policy sets, authentication rules, authorization rules, authorization global exception rules, and authorization exception rules under network access and device administration
BREAKING CHANGE: Rename trustsec_download_enviroment_data_every_x_seconds attribute to trustsec_download_environment_data_every_x_seconds in Network Device data model
Fix issue with incorrect generated ranks in multiple policies link
Fix update-in-place during import of user identity group, endpoint identity group, network device group, device admin condition, device admin time and data condition, device admin policy set, network access condition, network access time and date condition and network access policy set

Tested versions: link

Add parent_group attribute to user_identity_group
Support new *_update_rank resources to allow changing the rank of policy sets or rules without impacting existing configurations
Support active directory configurations without groups
Added support for managing endpoints
Added support for default user identity groups assignment under internal users
Fix incorrect description attribute of network_device_groups configuration
BREAKING CHANGE: endpoint_identity_groups and user_identity_groups now support nested children in favor of parent references

Tested versions: link

Fix issue with error due to missing settings for allowed_protocols and EAP-TLS stateless session resume
Add support for active directory configuration
Added ise_identity_source_sequence support
BREAKING CHANGE: Split attribute_name to dictionary_name and attribute_name
BREAKING CHANGE: Removed manage_* Terraform module variables
Allow updating default policy sets and rules

Tested versions: link