10-18-2013 08:43 AM - last edited on 03-25-2019 05:31 PM by ciscomoderator
I have a question about integrating RSA and AD with ACS. What I am wondering is if I can create an authorization profile to have ACS check AD attributes (i.e. if a user is in a certain AD group) while using RSA for the authentication piece in the access policy?
For example, the access policy would use RSA for the external group authentication, but use AD for the authorization profile.
I think this will work, but I want to be sure.
TIA,
Dan
10-18-2013 09:50 AM
As long as the RSA store has the same username as the AD user this will work as you expect, with a little trickery.
You would need to create an Identity Store Sequence, and for the password authentication only look in the RSA store, but for the attribute lookup only look in the AD store and point the access service to use your Identity Store Sequence.
Users would be prompted to authenticate using their RSA tokens, then get passed back a result based on whatever rules you have set for specific AD OUs.
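The flow described in the reply above, modeled as an added example that is not part of the original thread and is not ACS code: authentication consults only the RSA store, attribute retrieval consults only AD, and authorization rules match on AD group. The store contents, rule and profile names, and the default-deny rule are assumptions constructed for illustration.

```python
"""Toy model of a two-store sequence: authenticate in RSA, fetch attributes from AD.

All users, passcodes, groups and profile names are constructed sample data.
"""
import hmac

# Constructed RSA store: username -> currently valid passcode.
RSA_STORE = {"dan": "123456", "alice": "654321", "bob.rsa": "111111"}

# Constructed AD store: username -> attributes. "bob" is the same person as
# "bob.rsa" above, but the usernames differ between the two stores.
AD_STORE = {
    "dan": {"memberOf": {"NetAdmins"}},
    "alice": {"memberOf": {"Helpdesk"}},
    "bob": {"memberOf": {"NetAdmins"}},
}

# Ordered authorization rules (first match wins); names are hypothetical.
AUTHZ_RULES = [("NetAdmins", "FullAccess"), ("Helpdesk", "ReadOnly")]
DEFAULT_PROFILE = "DenyAccess"  # assumption: the default rule denies


def authenticate(username, passcode):
    """Password/passcode check: looks only in the RSA store."""
    expected = RSA_STORE.get(username)
    return expected is not None and hmac.compare_digest(expected, passcode)


def lookup_attributes(username):
    """Attribute retrieval: looks only in the AD store, keyed by the same name."""
    return AD_STORE.get(username, {})


def evaluate(username, passcode):
    """Return (authenticated, profile) for one access request."""
    if not authenticate(username, passcode):
        return (False, None)
    groups = lookup_attributes(username).get("memberOf", set())
    for group, profile in AUTHZ_RULES:
        if group in groups:
            return (True, profile)
    # Authenticated, but no AD attributes matched (e.g. username mismatch).
    return (True, DEFAULT_PROFILE)


if __name__ == "__main__":
    for user, code in [("dan", "123456"), ("bob.rsa", "111111"), ("dan", "000000")]:
        print(user, evaluate(user, code))
```

The `bob.rsa` case shows why the usernames must match: the token authenticates, but the AD lookup returns nothing, so only the default rule applies.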
10-18-2013 10:04 AM
Thanks for the information. RSA will have the same username since it's going to be integrated with AD as well.