Cisco Support Community
Community Member

Dynamic Access Policies with RSA Authentication

What is the best way to use DAP when using RSA for user authentication? I really do not want to have the users have to authenticate twice, once for tunnel authentication through RSA and then again for AD authentication. Is there a way to add users to groups on the RSA server and apply policies based on those groups?


Community Member

Re: Dynamic Access Policies with RSA Authentication


You want to do group mapping with RSA? If yes, please see the following documentation.

You can authenticate against RSA and authorize using LDAP.
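A sketch of the split described in this reply (RSA SDI for authentication, LDAP for authorization), added here as an example and not taken from the thread or from Cisco's documentation. The server-group names, tunnel-group name, addresses, DNs and password are placeholders.

```cisco
! Authentication: RSA Authentication Manager over the SDI protocol.
! SDI returns only a pass/fail result, so no group attributes reach DAP from it.
aaa-server RSA_SDI protocol sdi
aaa-server RSA_SDI (inside) host 192.0.2.10

! Authorization: Active Directory over LDAP, queried after the token check.
! No second password prompt: the ASA binds with its own service account
! and looks the user up by the username already supplied for RSA.
aaa-server AD_LDAP protocol ldap
aaa-server AD_LDAP (inside) host 192.0.2.20
 server-type microsoft
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-lookup,OU=Service Accounts,DC=example,DC=com
 ldap-login-password <placeholder>

! Tie both server groups to the employees' connection profile.
tunnel-group EMPLOYEES general-attributes
 authentication-server-group RSA_SDI
 authorization-server-group AD_LDAP
 ! Reject the session if the LDAP lookup fails, so a user who passes
 ! the token check but is absent from AD does not connect unauthorized.
 authorization-required

! DAP selection then keys on the LDAP authorization result, for example
! the AAA attribute aaa.ldap.memberOf with the AD group name as the value.
```

The RSA username must match the attribute named in `ldap-naming-attribute` for the lookup to find the user.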


Community Member

Re: Dynamic Access Policies with RSA Authentication

I have a similar request ... I'm trying to set up DAP for two different AAA groups. The first group (vendors) is authenticated to Windows Active Directory using LDAP and I check for a "member of" AAA attribute to define which DAP to apply. This works correctly.

However, the second group (employees) is passed off to RSA using the SDI protocol, because our employees use tokens. The DAP check for "member of" doesn't work. It seems like RSA doesn't return the "member of" attribute ... or if it does, the ASA doesn't receive it. Is it possible to use DAP for RSA authentication? If so, how do you set up the AAA attributes?
