ACS 5.3 Integration With RSA

Manoj Mohan G
Level 1

Hi People,

I have integrated ACS 5.3 with AD.

Now my next goal is to integrate ACS with RSA in such a way that all my Cisco devices should use the username and password from AD.

The enable privilege level should come from the RSA token OTP.

Is it possible to do such a thing with ACS 5.3?

If so, how could I do it?

Thanks,

Manoj

Accepted Solutions

jrabinow
Level 7

I think you can try to make a rule in the identity policy based on the Service attribute in the TACACS+ dictionary.

(this is not tested and based on my recollection so would need your verification)

1) Create a custom condition for the service attribute in TACACS+ dictionary

Policy Elements > Session Conditions > Custom

Create: Dictionary: TACACS+; Attribute: Service

2) Utilize in a rule in Device Admin identity policy

Access Policies > Access Services > Default Device Admin > Identity

Select a rule based

Customize based on condition in 1

Create a rule for when Service is "Enable". Select identity source as RSA in this case

Manoj Mohan G
Level 1

Hi,

Thanks for the input.

I see that I don't need to create a custom attribute anymore because it's already available in the TACACS+ dictionary.

What I did to have this working was:

Access Policies > Access Services > Default Device Admin > Identity.

Selected a new rule.

Customized it to have a compound condition.

Under Dictionary > TACACS+ > Service Enumeration > Enable

Select the identity source as RSA and we are good to go.

Thanks

Glad it helped.

You won't need a custom condition if it is being used in a compound condition.

A custom condition allows you to select this as one of the columns in the rule table.