Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

ACS integration with RSA and AD

I have a question about integrating RSA and AD with ACS.  What I am wondering is if I can create an authorization profile to have ACS check AD attributes (i.e. if a user is in a certain AD group) while using RSA for the authentication piece in the access policy?

For example, the access policy would use RSA for the external group authentication, but use AD for the authorization profile.

I think this will work, but I want to be sure.



Cisco Employee

ACS integration with RSA and AD

As long as the RSA store has the same username as the AD user this will work as you expect, with a little trickery.

You would need to create an Identity Store Sequence, and for the password authentication only look in the RSA store, but for the attribute lookup only look in the AD store and point the access service to use your Identity Store Sequence.

Users would be prompted to authenticate using their RSA tokens, then get passed back a result based on whatever rules you have set for specific AD OUs.

New Member

ACS integration with RSA and AD

Thanks for the information.  RSA will have the same username since it's going to be integrated with AD as well. 

CreatePlease to create content