Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
816
Views
0
Helpful
1
Replies

Cisco ACS Policy Mapping

vita_user
Level 1
Level 1

‎12-06-2013 05:49 AM - edited ‎03-10-2019 09:09 PM

Hallo,

I have a question about the policy mapping in ACS 5.4.

When a request matches in "Access Selection Rule" the request goes to an "Access Service".

In "Access Service" there are three kinds of policy rules:

- Identity:

If condition match then result "Identity Source"

- Group Mapping

If condition match then result "Identity Group"

- Authorization

If condition match the result "Auth Profil"

Q1:

For example:

The User "Test" is registered in Internal User with a local password. But now I will authenticate the user "Test" from a RSA Token server. How can I configure this rule in "identity policy"? Wich condition matches to choose the identity source. I will set the internal user with an attribute enumeration field like "Password". The administrator should have an option to choose "locale databse password" or "token passcode".

Q2:

What does it mean: "Group mapping"?

Thx for your answer!

Stefan

Labels:
0 Helpful
1 Reply 1

edwjames
Level 3
Level 3

‎12-07-2013 06:21 PM

Hi Stefan,

The User "Test" is registered in Internal User with a local password.  But now I will authenticate the user "Test" from a RSA Token server.  How can I configure this rule in "identity policy"? Wich condition  matches to choose the identity source. I will set the internal user with  an attribute enumeration field like "Password". The administrator  should have an option to choose "locale databse password" or "token  passcode".

In the identity, if you click on select, you can select the type of Database, you can choose RSA (you will first need to create the connection under Users and Identity Stores-->External Identity Stores-->RSA secure ID)

Another, way is you continue to use the internal users DB, but you go to that user internally and select the password type to be RSA

(you will first need to create the connection under Users and Identity Stores-->External Identity Stores-->RSA secure ID)

Group mapping is a feature to assign a local identity group as a result by choose conditions.

EG:

If (Active directory x) Then (Internal group x)

The IF is the condition and Then is Result.

https://supportforums.cisco.com/docs/DOC-34890

Hope this Helps.

Ed

**Share your knowledge. It’s a way to achieve immortality. --Dalai Lama** Please Rate if helpful. Regards Ed
0 Helpful
Customers Also Viewed These Support Documents