ACS 5.2 add a user into several groups

holzhirt1
Level 1

Dear all,

We are running two ACS appliances but we cannot figure out how we can add a user into 2 different groups.

Here's the context:

We have a company A which has devices; this company uses Group A.

Then we have a company B which has devices; this company uses Group B.

But the admin has to manage the devices for both companies A & B.

We don't want to mix devices from company A with company B.

Is there a way to add the user into both groups A & B?

Thank you for your help, really appreciated,

5 Replies

padatta
Level 1

Hi,

If users are locally defined on ACS' internal DB, they can be part of only a single group.

Paps

Hello,

thank you for your feedback,

But as you can imagine, this is absolutely not handy.

Is there a workaround to have this working?

Is Cisco planning a change with this in future releases?

Thanks

a-ford
Level 1

The user repository shouldn't have any real impact on the devices under management.  You should be able to segregate the devices into 2 different containers easily enough.  To allow your administrator to manage both sets of devices, you must simply permit the identity group that the admin is a member of to admin both sets of devices.  If the admin is a unique class of user, create an identity group for the admin alone.

Hello a-ford,

Thank you very much for your answer.

We usually create a container per company.

The idea would be, if we have company A and company B, to have a user managing both containers with limited rights (like an IT Admin that is in charge of both).

Additionally, the Admin should have full access on both companies' containers.

Is this possible?

Thank you

That should be easy enough to do. As an example, I would create a new Network Device Group category named Company.  Within that category, create a group named Company A and a group named Company B.  Associate all devices to their appropriate Company.  You can then create 3 Identity Groups (Company A, Company B, and Admin) and create the appropriate user account in each.

Then under the Access Policies, either with the default device admin policy or within newly created policies, you can grant control of Company A and Company B to their respective users as well as granting control of both to your Admin group.
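
The layout described in the answer above, as a simplified first-match rule table with a check that no company group reaches the other company's devices. This is an added example, not part of the original thread and not ACS configuration syntax; the user names, device names, and the permit/deny results are constructed for illustration.

```python
# Simplified model of a first-match device-admin authorization table.
# User, device and result names are constructed for illustration.
from itertools import product

ANY = "*"

# (identity group, Company NDG, result), evaluated top-down; first match wins.
RULES = [
    ("Admin",     ANY,         "permit"),
    ("Company A", "Company A", "permit"),
    ("Company B", "Company B", "permit"),
]
DEFAULT = "deny"  # catch-all when no rule matches

# Constructed sample data: one identity group per user, one Company NDG per device.
USERS = {"alice": "Company A", "bob": "Company B", "carol": "Admin"}
DEVICES = {"sw-a1": "Company A", "rtr-a2": "Company A", "sw-b1": "Company B"}


def authorize(user, device, rules=RULES):
    """Return the result of the first rule matching the user's group and the device's NDG."""
    group, ndg = USERS[user], DEVICES[device]
    for r_group, r_ndg, result in rules:
        if r_group in (ANY, group) and r_ndg in (ANY, ndg):
            return result
    return DEFAULT


def cross_company_access(rules=RULES, exempt=("Admin",)):
    """List (user, device) pairs permitted across the company boundary."""
    leaks = []
    for user, device in product(USERS, DEVICES):
        group, ndg = USERS[user], DEVICES[device]
        if group in exempt or group == ndg:
            continue  # own-company access and the Admin group are expected
        if authorize(user, device, rules) == "permit":
            leaks.append((user, device))
    return leaks


if __name__ == "__main__":
    for user, device in product(USERS, DEVICES):
        print(f"{user:6} -> {device:7} {authorize(user, device)}")
    print("cross-company grants:", cross_company_access())
```

Because the first match wins, a broad rule placed above the per-company rules silently overrides them, which is what `cross_company_access` is there to catch after any policy change.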