Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
739
Views
0
Helpful
2
Replies

ACS 5.3 SecurID and AD for vpn access

r.spiandorello
Level 1
Level 1

‎06-26-2012 12:52 PM - edited ‎03-10-2019 07:14 PM

Hi, within ACS 5.3, I'd like to use 2 external authenticator for the same service, like vpn remote-access.

For the authentication, I know I can create an identity chain, to query SecurID and then AD, in case of user not found in SecurID.

For the authorization rules, I need to provider a wide vèn access for SecurID users and narrow vpn access for AD user.

Are there some parameter to use in compound conditions for SecurID ?

How to ?

thanks

Labels:
0 Helpful
2 Replies 2

jrabinow
Level 7
Level 7

‎06-26-2012 01:01 PM

You can use the following attribute in the authorization condition. The "AuthenticationIdentityStore" attribute in the "System" dictionary. This contains the name of the dictionary that was authenticated against. Best to combine this with condition

"System.AuthenticationStatus match AuthenticationPassed" and "System.AuthenticationIdentityStore equals RSA"

0 Helpful

r.spiandorello
Level 1
Level 1
In response to jrabinow

‎07-05-2012 02:58 AM

ok, but can I use RSA for authentication and AD for authorization (in case of user sync between RSA and AD) ?

The "Attribute retrieval sequence" in "Identity Sote Sequence" could help me ?

That should be great.

thank you in advance

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents