11-23-2010 07:59 AM - edited 03-10-2019 05:36 PM
I want to use ACS 5.2 to authenticate VPN users and Wireless users.
For the VPN users, there is an internal group on the ACS box and an Active Directory group in AD. I would like to be able to use both sources to authenticate VPN users. Some VPN users will have local accts on the ACS box, others will be AD users. I'm having a hard time getting the policies right. It seems I can get it to use either AD or Internal users but not both.
11-23-2010 09:43 AM
Create an identity store sequence and have Internal Users and AD in the sequence. Refer to the attached screenshot. You can then have this identity in the access policy so that both the internal and AD stores are checked.
Note: please rate the answer if it was helpful
11-23-2010 09:55 AM
So can you not create 2 different rules in the identity policy that would
reference 2 identity sources?
11-23-2010 10:03 AM
If you create two access policies with different identity stores, then you will run into the same issue as you mentioned: if the user is in AD and, assume, your first policy is configured for internal users, then it comes back with user not found, unless the AD users come in from a different NAS client and you configure the access policy based on NAS.
Note: Please rate the answer if it was helpful
11-23-2010 10:07 AM
So, if you are wanting to use 2 different identity sources, then using an
identity sequence is the way to go because it will check all of them?
11-23-2010 10:33 AM
I have a similar scenario. Some of our VPN users are in SecurID database. Some VPN users are in ACS Local database.
We configured the "Identity Policies" as "Rule based result selection". Then we created one rule using "Compound Condition". You set the condition to "System:UserName equals
There's a default rule whose "Identity Source" is set to SecurID Database. It applies to all users that didn't match the previous rule.
Hope it helps
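The difference between the two approaches discussed in this thread, shown as an added example that is not part of any post and is not ACS code: a simplified Python model of "first matching policy, one identity store each" versus a single identity store sequence. The user names, passwords and NAS names are constructed, and the rule that a store which knows the user gives the final answer is an assumption of this model.

```python
# Simplified model of the thread's two designs. Not ACS code; all data is constructed.
INTERNAL = {"localvpn": "pw-local"}   # stands in for the ACS internal user store
AD = {"aduser": "pw-ad"}              # stands in for Active Directory

def check_store(store, user, password):
    """Return 'not_found', 'pass' or 'fail' for a single identity store."""
    if user not in store:
        return "not_found"
    return "pass" if store[user] == password else "fail"

def first_match_policies(policies, request):
    """Several access policies, each bound to ONE store; the first match wins."""
    for condition, store in policies:
        if condition(request):
            # The policy is chosen by request attributes, not by where the user
            # lives, so 'not_found' does not fall through to the next policy.
            return check_store(store, request["user"], request["password"])
    return "no_policy"

def identity_sequence(stores, request):
    """One policy whose identity source is an ordered sequence of stores."""
    for store in stores:
        result = check_store(store, request["user"], request["password"])
        if result != "not_found":   # assumption: a store that knows the user decides
            return result
    return "not_found"

def demo():
    any_vpn = lambda r: True                      # both policies match every VPN request
    from_nas = lambda name: (lambda r: r["nas"] == name)
    ad_req = {"user": "aduser", "password": "pw-ad", "nas": "nas-a"}
    local_req = {"user": "localvpn", "password": "pw-local", "nas": "nas-a"}
    ad_req_other_nas = dict(ad_req, nas="nas-b")
    return {
        # Two policies, same condition: the AD policy is never reached.
        "two_policies_ad_user": first_match_policies(
            [(any_vpn, INTERNAL), (any_vpn, AD)], ad_req),
        # Two policies split by NAS: works only if AD users use the other NAS.
        "nas_split_ad_user": first_match_policies(
            [(from_nas("nas-a"), INTERNAL), (from_nas("nas-b"), AD)], ad_req_other_nas),
        # One sequence: both user populations authenticate through one policy.
        "sequence_ad_user": identity_sequence([INTERNAL, AD], ad_req),
        "sequence_local_user": identity_sequence([INTERNAL, AD], local_req),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```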