08-12-2011 06:19 PM - edited 03-10-2019 06:18 PM
Hi,
I have a setup where VPN users connect to the network resources from outside. The VPN head-end appliance is an ASA. They are getting authenticated through ACS, which is integrated through LDAP. Now I want to perform authorization through the ACS server to restrict user access to the resources based on the need-to-know rule. Can I perform authorization on ACS with authentication on ACS through LDAP, because in this case I do not create a local username and password on ACS?
08-12-2011 09:02 PM
Yes, you can. You will create an authorization profile under your policy elements which will contain the "need to know rule", then you will retrieve the group in your LDAP settings, directory attributes, and select the group after you search for it.
Finally, create an access policy that will contain the authorization profile and the LDAP container. Keep in mind you will have to customize this option to activate the policy elements you wish to map.
Thanks,
Tarik
08-13-2011 02:30 AM
Do you have any document which can help us?