Cisco Support Community

NAC AD SSO user already logged into AD


I want to deploy NAC at a Central site to protect the main Servers and resources from remote sites that have multiple users/contractors. The remote site will have their own DCs and the users may log in locally and make use of local file repositories. I want to apply NAC when the user attempts to connect to resources that are located at the Central site.

Will the user at the remote site who has already logged into AD be prompted for login again by NAC, or can the NAC use the existing credentials of the user connection, e.g. SSO?


Re: NAC AD SSO user already logged into AD

I'm not sure what you're trying to accomplish, but yes, NAC can use the existing credentials. I assume this is in-band NAC? It sounds like these users will only be going through NAC when they try to access these specific resources, is that right?

Re: NAC AD SSO user already logged into AD

NAC will be able to use the credentials of the machine they are currently logged into the domain with. If they are logged in locally to a machine (not on a domain), they will get prompted for domain credentials by NAC.

You must configure a user on the domain(s) that will be able to perform the lookups on AD. This will be covered in the documentation.

When they connect to the central site via VPN or LAN, the NAC agent will pop up and automatically perform SSO if it can. If there are any issues or SSO fails, it will pop a dialog to have the user log in with the required credentials that you configured on the CAM.

Hope that helps. Rate if it does.