Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
443
Views
5
Helpful
3
Replies

MARS with ACS

rohitsharmacisco
Level 1
Level 1

‎10-04-2007 04:12 AM - edited ‎02-21-2020 10:19 AM

I have integrated MARS 4.3.1 with ACS but I need to know how I can assign privilege levels for the users on the ACS for different privilege on MARS.

Labels:
0 Helpful
3 Replies 3

pmccubbin
Level 5
Level 5

‎10-04-2007 05:24 AM

Hi Rohit,

The privilege levels are only assigned on the MARS box itself. There is nothing on the ACS which will assign users different privileges on MARS.

You can create four types of Users in MARS:

Admin--Superuser

Security Analyst--all privileges except Admin

Notifications Only--this account receives emails or reports generated by MARS

Operator-Read Only access

This is from the 4.3 User Guide:

"When the MARS Appliance operates with the AAA authentication method, every login except the administrator accounts are authenticated by the external AAA server.

All authentication method changes, successful logins, and failed logins are captured as event messages."

Hope this helps.

Paul

0 Helpful

rohitsharmacisco
Level 1
Level 1
In response to pmccubbin

‎10-04-2007 05:32 AM

Hi Paul

Thanks for the quick reply. My client already has ACS with users with privileges assigned for the various network devices. Since MARS had authentication feature through ACS-Radius, I was planning to create users on ACS and assign them different privilege and depending on the privilege which will be assigned through ACS, they will be assigned Analyst or Operator role.

Is this possible or am I interpreting the ACS integration in a wrong way.

If I cannot assign privilege levels for users why would I want authentication of MARS with ACS. Any ideas.

0 Helpful

pmccubbin
Level 5
Level 5
In response to rohitsharmacisco

‎10-04-2007 06:16 AM

Hi Rohit,

I believe you are interpreting the ACS integration in the wrong way. Though it's a good idea and a valid Product Enhancement Request.

The only reason you would have authentication of MARS users by an ACS would be to record failed logins. Many companies are required by their auditors to record these sort of events.

I readily admit this isn't much but it's going to take time for a more granular approach to be developed between MARS and ACS.

Hope this helps.

Paul

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents