ASA: Active Directory Group Membership should determine if OTP is used or not

Hi Community.

Sorry, the subject sounds strange, but it's hard to tell in a few words.

Our customer connects with AnyConnect VPN and needs a special login behavior.

If our customer has users "xxx" and "yyy" in Active Directory group "OTP/LDAP Access", the ASA should ask the users "xxx" and "yyy" for LDAP credentials and OTP password.

If our customer has user "zzz" in Active Directory group "LDAP Access", the ASA should ask the user "zzz" just for LDAP credentials.

My idea was to do two tunnel-groups: one asks for LDAP and OTP, the other asks just for LDAP. But in that case the user gets a drop-down menu, where he has to choose the tunnel-group. But our customer doesn't want that drop-down menu. The ASA should determine if he needs LDAP credentials and OTP or just LDAP to connect.

Is that somehow possible?

Best regards, Patrick

1 REPLY
You mean to assign a tunnel-group based on AD group membership?
