https://community.cisco.com/t5/network-security/anyconnect-authentication/m-p/4522748#M1085984 <P>You can do this with LDAP attribute mapping on Cisco Firewalls:&nbsp;</P> <P>&nbsp;</P> <P>But depending on what type of Radius server you are using you should be able to pass back attributes as well. Several methods to do this depending upon your topology.&nbsp;</P> <P>&nbsp;</P> <P>Guide is here:&nbsp;</P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91831-mappingsvctovpn.html" target="_blank" rel="noopener">https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91831-mappingsvctovpn.html</A></P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 22 Dec 2021 14:07:24 GMT nconroy 2021-12-22T14:07:24Z https://community.cisco.com/t5/network-security/anyconnect-authentication/m-p/4521858#M1085949 <P>Hello,</P><P>&nbsp;</P><P>We are currently using a Radius server to authenticate users using Anyconnect. The Radius server is tied to MS AD\Domain Users &amp; \Domain Computers. So, any user who has an AD account can login using their AD creds.</P><P>&nbsp;</P><P>I have an assignment to create a new connection profile so that specific end-users can authenticate against specific AD group called "SG_NtwkSupport"</P><P>&nbsp;</P><P>How do I go about configuring a Connection profile/Global Policy where it points/links to the Radius server where that Radius server in linked to the AD\SG_NtwkSupport group?</P><P>&nbsp;</P><P>Thanks in advance.</P><P>&nbsp;</P><P>~zK</P> Tue, 21 Dec 2021 00:21:14 GMT https://community.cisco.com/t5/network-security/anyconnect-authentication/m-p/4521858#M1085949 zekebash 2021-12-21T00:21:14Z https://community.cisco.com/t5/network-security/anyconnect-authentication/m-p/4521892#M1085952 <P>Hi,</P><P>&nbsp;</P><P>below will give good guide</P><P><A href="https://www.petenetlive.com/KB/Article/0001474" target="_blank">https://www.petenetlive.com/KB/Article/0001474</A></P> Tue, 21 Dec 2021 03:33:05 GMT https://community.cisco.com/t5/network-security/anyconnect-authentication/m-p/4521892#M1085952 Kasun Bandara 2021-12-21T03:33:05Z https://community.cisco.com/t5/network-security/anyconnect-authentication/m-p/4521894#M1085953 <P>We do this most commonly with an LDAP Attribute map.</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/108000-dap-deploy-guide.html" target="_blank" rel="noopener">https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/108000-dap-deploy-guide.html</A></P> <P>However it can also be done in a pure RADIUS environment. Generally speaking, the VPN headend has a default group policy that allows zero connections. Once a user authenticates (and assuming they are in the group that the RADIUS server checks for) the RADIUS server returns an Authorization result overriding the default group policy and directing the VPN headend to assign a group policy that allows connections.</P> <P>Depending on what RADIUS server you are using, there may be some step by step guides you can reference. Cisco ISE and Microsoft NPS are the most common ones in this scenario.</P> Tue, 21 Dec 2021 03:36:12 GMT https://community.cisco.com/t5/network-security/anyconnect-authentication/m-p/4521894#M1085953 Marvin Rhoads 2021-12-21T03:36:12Z https://community.cisco.com/t5/network-security/anyconnect-authentication/m-p/4522748#M1085984 <P>You can do this with LDAP attribute mapping on Cisco Firewalls:&nbsp;</P> <P>&nbsp;</P> <P>But depending on what type of Radius server you are using you should be able to pass back attributes as well. Several methods to do this depending upon your topology.&nbsp;</P> <P>&nbsp;</P> <P>Guide is here:&nbsp;</P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91831-mappingsvctovpn.html" target="_blank" rel="noopener">https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91831-mappingsvctovpn.html</A></P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 22 Dec 2021 14:07:24 GMT https://community.cisco.com/t5/network-security/anyconnect-authentication/m-p/4522748#M1085984 nconroy 2021-12-22T14:07:24Z