06-26-2012 12:52 PM - edited 03-10-2019 07:14 PM
Hi, within ACS 5.3, I'd like to use 2 external authenticator for the same service, like vpn remote-access.
For the authentication, I know I can create an identity chain, to query SecurID and then AD, in case of user not found in SecurID.
For the authorization rules, I need to provider a wide vèn access for SecurID users and narrow vpn access for AD user.
Are there some parameter to use in compound conditions for SecurID ?
How to ?
thanks
06-26-2012 01:01 PM
You can use the following attribute in the authorization condition. The "AuthenticationIdentityStore" attribute in the "System" dictionary. This contains the name of the dictionary that was authenticated against. Best to combine this with condition
"System.AuthenticationStatus match AuthenticationPassed" and "System.AuthenticationIdentityStore equals RSA"
07-05-2012 02:58 AM
ok, but can I use RSA for authentication and AD for authorization (in case of user sync between RSA and AD) ?
The "Attribute retrieval sequence" in "Identity Sote Sequence" could help me ?
That should be great.
thank you in advance
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: