My setup as follows, I've ACS v4.1 integrated with active directory as external database. I've planned to configure the downloadable ACL on ASA to restrict the user's access, had been done successfully, seem its working fine but I have one issue with my sloppy users, I don't want the users from different groups to exchange their credentials between themselves and therefore all of them will have the same privilege. I'm looking for a way to oblige the ACS or ASA to accept the user's credentials only once and in case the same credentials entered again while the first user still login ACS or ASA will refuse the request.
Any way to apply this idea !!