cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
835
Views
0
Helpful
2
Replies

ACS 5.3 SecurID and AD for vpn access

r.spiandorello
Level 1
Level 1

Hi, within ACS 5.3, I'd like to use 2 external authenticator for the same service, like vpn remote-access.

For the authentication, I know I can create an identity chain, to query SecurID and then AD, in case of user not found in SecurID.

For the authorization rules, I need to provider a wide vèn access for SecurID users and narrow vpn access for AD user.

Are there some parameter to use in compound conditions for SecurID ?

How to ?

thanks

2 Replies 2

jrabinow
Level 7
Level 7

You can use the following attribute in the authorization condition. The "AuthenticationIdentityStore" attribute in the "System" dictionary. This contains the name of the dictionary that was authenticated against. Best to combine this with condition

"System.AuthenticationStatus match AuthenticationPassed" and "System.AuthenticationIdentityStore equals RSA"

ok, but can I use RSA for authentication and AD for authorization (in case of user sync between RSA and AD) ?

The "Attribute retrieval sequence" in "Identity Sote Sequence" could help me ?

That should be great.

thank you in advance