Cisco Support Community
New Member

ACS 5.3 SecurID and AD for vpn access

Hi, within ACS 5.3, I'd like to use 2 external authenticators for the same service, like VPN remote access.

For the authentication, I know I can create an identity chain, to query SecurID and then AD, in case of user not found in SecurID.

For the authorization rules, I need to provide wide VPN access for SecurID users and narrow VPN access for AD users.

Are there some parameters to use in compound conditions for SecurID?

How to ?

thanks

2 REPLIES
Gold

ACS 5.3 SecurID and AD for vpn access

You can use the following attribute in the authorization condition: the "AuthenticationIdentityStore" attribute in the "System" dictionary. This contains the name of the dictionary that was authenticated against. Best to combine this with the condition:

"System.AuthenticationStatus match AuthenticationPassed" and "System.AuthenticationIdentityStore equals RSA"

New Member

Re: ACS 5.3 SecurID and AD for vpn access

OK, but can I use RSA for authentication and AD for authorization (in case of user sync between RSA and AD)?

Could the "Attribute retrieval sequence" in "Identity Store Sequence" help me?

That should be great.

thank you in advance
