Moving users to a role other than unauthenticated

Answered Question
Jun 17th, 2010

We are deploying a OOB VGW NAC solution (4.7.2) and I have SSO working with the Unauthenticateed Role.

When I look at the online users all of them are:

WindowsADServerUnauthenticated Role

But function as I would hope.

I also have an employee role that we created as well as a consultant role.

How do I associated a user to a role? (Other than unauthenticated.)

Also

The access rule that I use for the employee role and consultant role are identical.

The only real difference is that employee devices have a narrower range of certification possibilities - That is a specific AV and registry entry that identifies it as a "corporate asset". The consultant devices can use a much broader set of AV's and such.

Correct Answer by Faisal Sehbai about 6 years 8 months ago

Rob,

An auth provider can match to one role only. The caveat is that if you use the Mapping Rules and using the LDAP attributes, you can map then to different roles then.

More details on the LDAP mapping here: http://tinyurl.com/2ex5uol

HTH,

Faisal

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Faisal Sehbai Thu, 06/17/2010 - 06:38

Rob,

An auth provider can match to one role only. The caveat is that if you use the Mapping Rules and using the LDAP attributes, you can map then to different roles then.

More details on the LDAP mapping here: http://tinyurl.com/2ex5uol

HTH,

Faisal

Actions

This Discussion