I've created and mapped security groups in active directory DomainWirelessOK and DomainVPNOK. I mapped those to ACS_Wireless and ACS_VPN.
In my production environment, currently all users on ACS authenticate using "Default Group".
What's the best way to let only users of ACS_VPN and ACS_Wireless have acccess to resources ? Should I "deny" access to Default group ? Is there any specific order you would setup this ?
Also, if you have suggestions on how I can test this avoiding system disruption please let me know. I thought that I could perhaps include the IP address of few selected Access Points to confirm that mappings work accordingly ?