Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
535
Views
0
Helpful
2
Replies

Map single AD user to multiple Identity groups ACS 5.8

Go to solution
N3t W0rK3r
Level 3
Level 3

‎03-02-2016 11:29 AM - edited ‎03-10-2019 11:32 PM

Is it possible to map a single AD user account to multiple ACS identitiy groups?

I have tried creating two different AD security groups with the same user in both groups.  I then created two different mappings each referencing one group.  Problem is, only the first mapping is being hit.

Thanks.

John

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Javier Henderson
Level 4
Level 4

‎03-02-2016 11:36 AM

John,

Unlike ACS 4 (and previous versions), the need to map users to groups is much diminished, since you can create authorization policies with a great deal of flexibility and reference AD groups and many other criteria.

You may want to consider creating authorization policies that don't depend on identity groups, and just reference AD group membership and/or any other criteria.

Javier Henderson

Cisco Systems

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Javier Henderson
Level 4
Level 4

‎03-02-2016 11:36 AM

John,

Unlike ACS 4 (and previous versions), the need to map users to groups is much diminished, since you can create authorization policies with a great deal of flexibility and reference AD groups and many other criteria.

You may want to consider creating authorization policies that don't depend on identity groups, and just reference AD group membership and/or any other criteria.

Javier Henderson

Cisco Systems

0 Helpful

Go to solution
N3t W0rK3r
Level 3
Level 3
In response to Javier Henderson

‎03-02-2016 11:58 AM

That worked awesome!  Thanks Javier.  I totally eliminated identity groups from the policies, relying only on AD groups, with success.

Thanks again.

John

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents