Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
429
Views
0
Helpful
1
Replies

ACS 5.1 AD Groups -> Command Sets

varnavasn
Level 1
Level 1

‎01-11-2011 07:59 PM - edited ‎03-10-2019 05:42 PM

Hi Guys,

Just wondering how you would configure the following?

Active Directory Groups mapped to command sets per user.

ie: User A is in AD Group called 'cisco-non-restricted' User B is in AD Group called 'cisco-restricted' they have command set restrictions based on what ad group there are members of

I have command sets working with internal users and groups but cant see where you can enable this from ad groups.

Regards,

Labels:
0 Helpful
1 Reply 1

Federico Ziliotto
Cisco Employee
Cisco Employee

‎01-12-2011 12:40 AM

Hello,

Under the authorization rules page, on the bottom right, you should have a "Customize" button.

This will pop-up a window to select additional conditions/results to be added to your rule. There you should be able to select AD1:ExternalGroups or AD1:memberOf (see attachment) to enforce command sets according to the AD a group a user is belonging to.

Let me know if this is what you were looking for,

Fede

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

Preview file
60 KB
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents