We are deploying a OOB VGW NAC solution (4.7.2) and I have SSO working with the Unauthenticateed Role.
When I look at the online users all of them are:
But function as I would hope.
I also have an employee role that we created as well as a consultant role.
How do I associated a user to a role? (Other than unauthenticated.)
The access rule that I use for the employee role and consultant role are identical.
The only real difference is that employee devices have a narrower range of certification possibilities - That is a specific AV and registry entry that identifies it as a "corporate asset". The consultant devices can use a much broader set of AV's and such.
An auth provider can match to one role only. The caveat is that if you use the Mapping Rules and using the LDAP attributes, you can map then to different roles then.
More details on the LDAP mapping here: http://tinyurl.com/2ex5uol