I currently have an ACS system authenticating against a Win2K3 AD database. I have a user that is a member of multiple security groups that are mapped to multiple groups on the ACS. I want to be able to force authentication against a specific group based on the device group that is being used for authentication.
For example, User1 is a member of GroupA, GroupB, and GroupC in the AD. GroupA is mapped to Group1 in the ACS, GroupB is mapped to Group2, and GroupC is mapped to Group3. I have three device groups called switches, firewalls, and routers.
When User1 logs into a router, I want him to be authenticated against Group1. When User1 logs into a switch, authenticate against Group2, and a firewall would be authenticated against Group3. Is it possible to even do this? If so, how?
Thanks for your help!