06-26-2012 12:52 PM - edited 03-10-2019 07:14 PM
Hi, within ACS 5.3, I'd like to use 2 external authenticator for the same service, like vpn remote-access.
For the authentication, I know I can create an identity chain, to query SecurID and then AD, in case of user not found in SecurID.
For the authorization rules, I need to provider a wide vèn access for SecurID users and narrow vpn access for AD user.
Are there some parameter to use in compound conditions for SecurID ?
How to ?
thanks
06-26-2012 01:01 PM
You can use the following attribute in the authorization condition. The "AuthenticationIdentityStore" attribute in the "System" dictionary. This contains the name of the dictionary that was authenticated against. Best to combine this with condition
"System.AuthenticationStatus match AuthenticationPassed" and "System.AuthenticationIdentityStore equals RSA"
07-05-2012 02:58 AM
ok, but can I use RSA for authentication and AD for authorization (in case of user sync between RSA and AD) ?
The "Attribute retrieval sequence" in "Identity Sote Sequence" could help me ?
That should be great.
thank you in advance
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide