I can't believe that this hasn't come up before, but I've searched for hours and literally found nothing.
Like most org's we have an elaborate acs access policy, with many identity sources and tens of thousands of users. The radius and tacacs authentication "steps" are great, but they're for a specific user. What I was sure existed was a feature in acs or at least a thrid party product that simply and dynamically creates a radius and tacacs authentication/authorization logic or decision tree diagram....does nothing like this exist? Am I really the first person that's ever desired something like this, in the history of the world????
Hi David, you are not the only one :) Unfortunately, ACS does not have that functionality. ISE 1.3 started to include some authentication flows but they are all around the the flows that go through the HTTPs portals.
That is the reason I had to manually create a Visio document for all of my customers that I have deployed ISE/ACS for :)