Solved: Map single AD user to multiple Identity groups ACS 5.8

N3t W0rK3r · ‎03-02-2016

Is it possible to map a single AD user account to multiple ACS identitiy groups?

I have tried creating two different AD security groups with the same user in both groups. I then created two different mappings each referencing one group. Problem is, only the first mapping is being hit.

Thanks.

John

Javier Henderson · ‎03-02-2016

John,

Unlike ACS 4 (and previous versions), the need to map users to groups is much diminished, since you can create authorization policies with a great deal of flexibility and reference AD groups and many other criteria.

You may want to consider creating authorization policies that don't depend on identity groups, and just reference AD group membership and/or any other criteria.

Javier Henderson

Cisco Systems

View solution in original post

Javier Henderson · ‎03-02-2016