03-02-2016 11:29 AM - edited 03-10-2019 11:32 PM
Is it possible to map a single AD user account to multiple ACS identity groups?
I have tried creating two different AD security groups with the same user in both groups. I then created two different mappings each referencing one group. Problem is, only the first mapping is being hit.
Thanks.
John
03-02-2016 11:36 AM
John,
Unlike ACS 4 (and previous versions), the need to map users to groups is much diminished, since you can create authorization policies with a great deal of flexibility and reference AD groups and many other criteria.
You may want to consider creating authorization policies that don't depend on identity groups, and just reference AD group membership and/or any other criteria.
Javier Henderson
Cisco Systems
03-02-2016 11:58 AM
That worked awesome! Thanks Javier. I totally eliminated identity groups from the policies, relying only on AD groups, with success.
Thanks again.
John