Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1130
Views
0
Helpful
0
Replies

Cisco ISE - Authorization of SAML - User Attributes

kylerossd
Level 4
Level 4

‎12-16-2020 09:04 AM

Hello,

When using SAML for authentication on Cisco FTD and authorize only for secondary the username is masked out by the assertion token.  Are there any attributes in the SAML token that can be used for authorization?  Say, if I wanted to switch tunnel-group associated with that authentication?

Say for example if you use DUO MFA, sAMAccountName and Groups are apart of the directory sync are we able to see this for authorization purposes?  If not, how would one go about using SAML and RADIUS as a combination?  Primary Auth RADIUS to ISE and Secondary Auth SAML to DUO?

 

0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card