Cisco Support Community
New Member

ACS how to limit AD max user sessions

I have WLC (7.4) that uses 802.1x auth with our ACS (5.3)

Our ACS connects to our AD as external identity.

How can I limit the max sessions per AD user?

Access Policies > Max User Session Policy >  Max Session User Settings

-That would affect all my Access Policies

Access Policies > Max User Session Policy >  Max Session Group settings

-That only shows internal groups and doesn't reflect my AD external group.


For example, certain AD users can have more sessions than other AD users.

Can that be done?









Cisco Employee

Hi Dash-


Unfortunately there aren't any other options in restricting sessions for users in ACS. I had a similar request from a customer for ISE and ISE doesn't even support max sessions. I had requested that feature to be implemented so now we wait and see :)


Thank you for rating helpful posts!

Dash,


You can leverage the group mapping feature where members of a certain AD group are mapped to a local group in ACS with the max sessions defined.



Tarik Admani *Please rate helpful posts*
New Member

Okay, here is how you do it.

In "Access Services", select and edit the service you want to use and check the "Group Mapping" option in it.

Then you will see a "Group Mapping" option beneath the access policy that you just edited in the left panel of the ACS.

Now select the "Group Mapping" option and select "Rule based result Selection" from the top. Then, from the bottom right, click "Customize" and add "AD:External Group".

Now you can specify conditions for which AD group you can map the internal group and its related conditions, i.e. the Max Session limitation.

Hope this helps.

New Member

Thanks Ahmed! Worked like a charm!
