I had NAC appliance operational in L2 GW mode, the requirements are, first to activate directory SSO which had been done ant tested, the second requirement to control and manage the users willing to access internet.
Actually I had also ACS appliance running version 4.1, I managed to control and restrict the internet access for users by ACS but with credentials created on ACS's local database.
All the users credentials located on AD.
The problem, in the running setup the users have to enter their credentials twice for SSO AD login then for HTTP access from ACS, I need to know whether this is the best practice design for my requirements or there is another way to handle such case.
Appreciate the helpful comments..