3415 Cisco Secure ACS + REST Web Service

Hi,

We have a Cisco 3415 running ver 5.5 that is used ONLY for user access into the Cisco devices on the network.

 

Number of devices on the network = 2800

NDGs = 25

Number of users = 300

 

Each user is unique and will need ANY combination of the above 25 NDGs. We also use the REST web service to automate creating, reading, updating and deleting the user ID on the ACS and its authorization to the NDGs.

 

We cannot assign a user to multiple NDGs, nor can we assign a user to multiple Identity groups. Can someone please advise how we can get my users to have access to any combination of NDGs while retaining the ability to use the REST API to automate user create, delete and modify?

 

Appreciate your advice.

 

Thanks

Satish
 

1 REPLY

This is old but I will answer it anyway in case anyone else stumbles upon it...

Using identity groups, this is functionally impossible as far as I can figure. The only way to do this using only ACS is to create boolean User Attributes for each NDG and, during user creation, set each flag as appropriate. Then in the Access Service just check the status of the appropriate flag to allow/disallow access to a particular NDG.

 

You create custom user attributes by going to System Administration->Configuration->Dictionaries->Identity->Internal Users.
 

That said, I would STRONGLY urge you to consider setting up a simple LDAP directory or using an existing MS AD domain and using LDAP/AD groups. The way I showed may not be scalable enough, and using a very simple LDAP database allows much greater freedom of movement later.
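
A small model of the flag-per-NDG scheme described in the reply above, added here as an example (it is not from the original posts and is not Cisco code). The NDG names, the `allow_` attribute naming and the function names are assumptions, and it does not call the ACS REST API; it only shows the data a provisioning script would compute and the default-deny check the access rules should mirror.

```python
# Constructed NDG names; the thread only states that there are 25 NDGs.
NDGS = [f"NDG{n:02d}" for n in range(1, 26)]


def attr_name(ndg):
    """Hypothetical naming for the boolean user attribute tied to one NDG."""
    return f"allow_{ndg}"


def build_flags(granted):
    """Full attribute map for one user: every NDG gets an explicit flag.

    Unknown NDG names are rejected so a typo in the provisioning input
    fails loudly instead of silently creating a user with the wrong access.
    """
    unknown = set(granted) - set(NDGS)
    if unknown:
        raise ValueError(f"unknown NDG(s): {sorted(unknown)}")
    return {attr_name(n): (n in granted) for n in NDGS}


def authorize(user_attrs, device_ndg):
    """Model of the access rules: one rule per NDG, default deny.

    A missing flag, a non-boolean value or an unknown NDG all deny access.
    """
    if device_ndg not in NDGS:
        return False
    return user_attrs.get(attr_name(device_ndg)) is True


def diff_flags(current, desired):
    """Flags whose value must change when a user's access is modified."""
    return {k: v for k, v in desired.items() if current.get(k) is not v}


if __name__ == "__main__":
    flags = build_flags({"NDG01", "NDG07"})
    print(authorize(flags, "NDG07"), authorize(flags, "NDG02"))
    print(diff_flags(flags, build_flags({"NDG07", "NDG12"})))
```
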