https://community.cisco.com/t5/network-access-control/acs-integration-with-rsa-and-ad/m-p/2295778#M101887 <HTML><HEAD></HEAD><BODY><P>As long as the RSA store has the same username as the AD user this will work as you expect, with a little trickery. </P><P></P><P>You would need to create an Identity Store Sequence, and for the password authentication only look in the RSA store, but for the attribute lookup only look in the AD store and point the access service to use your Identity Store Sequence. </P><P></P><P>Users would be prompted to authenticate using their RSA tokens, then get passed back a result based on whatever rules you have set for specific AD OUs. </P></BODY></HTML> Fri, 18 Oct 2013 16:50:12 GMT Sam Hertica 2013-10-18T16:50:12Z https://community.cisco.com/t5/network-access-control/acs-integration-with-rsa-and-ad/m-p/2295777#M101838 <P>I have a question about integrating RSA and AD with ACS.&nbsp; What I am wondering is if I can create an authorization profile to have ACS check AD attributes (i.e. if a user is in a certain AD group) while using RSA for the authentication piece in the access policy?</P><P></P><P>For example, the access policy would use RSA for the external group authentication, but use AD for the authorization profile.</P><P></P><P>I think this will work, but I want to be sure.</P><P></P><P>TIA,</P><P></P><P>Dan</P> Tue, 26 Mar 2019 00:31:09 GMT https://community.cisco.com/t5/network-access-control/acs-integration-with-rsa-and-ad/m-p/2295777#M101838 deyster94 2019-03-26T00:31:09Z https://community.cisco.com/t5/network-access-control/acs-integration-with-rsa-and-ad/m-p/2295778#M101887 <HTML><HEAD></HEAD><BODY><P>As long as the RSA store has the same username as the AD user this will work as you expect, with a little trickery. </P><P></P><P>You would need to create an Identity Store Sequence, and for the password authentication only look in the RSA store, but for the attribute lookup only look in the AD store and point the access service to use your Identity Store Sequence. </P><P></P><P>Users would be prompted to authenticate using their RSA tokens, then get passed back a result based on whatever rules you have set for specific AD OUs. </P></BODY></HTML> Fri, 18 Oct 2013 16:50:12 GMT https://community.cisco.com/t5/network-access-control/acs-integration-with-rsa-and-ad/m-p/2295778#M101887 Sam Hertica 2013-10-18T16:50:12Z https://community.cisco.com/t5/network-access-control/acs-integration-with-rsa-and-ad/m-p/2295779#M101931 <HTML><HEAD></HEAD><BODY><P>Thanks for the information.&nbsp; <SPAN style="font-size: 10pt;">RSA will have the same username since it's going to be integrated with AD as well.&nbsp; </SPAN></P></BODY></HTML> Fri, 18 Oct 2013 17:04:54 GMT https://community.cisco.com/t5/network-access-control/acs-integration-with-rsa-and-ad/m-p/2295779#M101931 deyster94 2013-10-18T17:04:54Z