
Authenticating Device Admin users against AD specific groups

Mike Masalla
Level 1


I am using ACS 5.3. What I am about is setting user authentication against the existence of the user in a specific AD group, not just being a member in any AD. What is happening now: users get authenticated as long as they exist in the AD; luckily they fail on authorization, as it is bound to a specific AD group.

Any idea how I can bind the authentication against a specific group in AD, not just using AD1 as the identity source?


1 Reply

Amjad Abdullah
VIP Alumni

Hi Mike,

Can you please define what you exactly mean by authentication and authorization?

The ACS checks the AD for a specific user, whether it is available and whether the credentials are correct. If it is, then on the AD you will probably find a successful authentication in the logs, but from the user's perspective, the user does not know whether it is authenticated or not at this stage.

Now, the ACS knows the credentials are correct and then checks the policy rules that are configured. Depending on the policy rules, it will tell the user if it is successfully authenticated or not.

In the policy, you control success or failure of the authentication of the client depending on the AD group.

If what I explained above is not what you are looking for, please elaborate more about your request so we better understand your concern.


Rating useful replies is more useful than saying "Thank you"
