Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Cisco ACS. Two-factor authenticaion.

Hello.

We intend to use scheme of connection: cisco asa + cisco acs 5.4 + rsa securid.
We use two groups on Cisco ACS . Group "A" must use two-factor authentication, and the group "B" don't.
how to create this rule?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Perform rule base identity

Perform rule base identity selection with dap-tunnel-group-name as selector. 

ASA will send tunnel group name in auth request. 

 

Example attached.

 

4 REPLIES
Cisco Employee

Perform rule base identity

Perform rule base identity selection with dap-tunnel-group-name as selector. 

ASA will send tunnel group name in auth request. 

 

Example attached.

 

Community Member

Hello Marcin.I do not

Hello Marcin.

I do not understand how this rule will apply to the base secureid? You associate  ASA with securid or ACS?

Cisco Employee

ASA associates with ACS, ACS

ASA associates with ACS, ACS with RSA over RADIUS. 

Community Member

Everything works. Thank you!

Everything works. Thank you!

149
Views
0
Helpful
4
Replies
CreatePlease to create content