450 Views, 10 Helpful, 2 Replies

ACS integration with RSA and AD

deyster94
Level 5

I have a question about integrating RSA and AD with ACS.  What I am wondering is if I can create an authorization profile to have ACS check AD attributes (i.e. if a user is in a certain AD group) while using RSA for the authentication piece in the access policy?

For example, the access policy would use RSA for the external group authentication, but use AD for the authorization profile.

I think this will work, but I want to be sure.

TIA,

Dan

2 Replies

Sam Hertica
Cisco Employee

As long as the RSA store has the same username as the AD user this will work as you expect, with a little trickery.

You would need to create an Identity Store Sequence, and for the password authentication only look in the RSA store, but for the attribute lookup only look in the AD store and point the access service to use your Identity Store Sequence.

Users would be prompted to authenticate using their RSA tokens, then get passed back a result based on whatever rules you have set for specific AD OUs.

Thanks for the information.  RSA will have the same username since it's going to be integrated with AD as well.
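
A small Python model of the flow described in the reply above, added here as an illustration; it is not part of the original thread and is not Cisco ACS code or configuration. Authentication consults only the RSA store, attribute retrieval only the AD store, and ordered rules map AD groups to a result. The usernames, tokencodes, group names and profile names are constructed, and the deny-by-default outcome for a user who is missing from AD is an assumption of this model.

```python
import hmac

# Constructed sample data (not from the thread).
RSA_STORE = {"dan": "492817", "carol": "118204"}   # username -> currently valid tokencode
AD_STORE = {                                        # username -> AD group memberships
    "dan": {"Network-Admins"},
    "erin": {"Helpdesk"},
}

# Ordered authorization rules: (required AD group, resulting profile); first match wins.
AUTHZ_RULES = [("Network-Admins", "FullAccess"), ("Helpdesk", "ReadOnly")]
DEFAULT_PROFILE = "DenyAccess"    # assumption: the default rule denies
AUTH_FAILED = "AuthFailed"


def authenticate(username, tokencode):
    """Authentication list of the sequence: RSA only. AD passwords are never consulted."""
    expected = RSA_STORE.get(username)
    return expected is not None and hmac.compare_digest(expected, tokencode)


def retrieve_groups(username):
    """Attribute-retrieval list of the sequence: AD only.

    The lookup is keyed on the same username that authenticated against RSA,
    which is why the two stores must agree on usernames.
    """
    return AD_STORE.get(username, set())


def evaluate(username, tokencode):
    """Return the profile a request would receive in this model."""
    if not authenticate(username, tokencode):
        return AUTH_FAILED
    groups = retrieve_groups(username)
    for group, profile in AUTHZ_RULES:
        if group in groups:
            return profile
    # Valid token but no matching AD group (or no AD account at all).
    return DEFAULT_PROFILE


if __name__ == "__main__":
    for user, code in [("dan", "492817"), ("carol", "118204"), ("erin", "000000")]:
        print(user, "->", evaluate(user, code))
```

The `carol` case is the one to check in a real deployment: a valid token with no matching AD account should land on a deny rule rather than on a permissive default.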