ACS how to limit AD max user sessions

bob1980
Level 1

I have a WLC (7.4) that uses 802.1X auth with our ACS (5.3).

Our ACS connects to our AD as external identity.

How can I limit the max sessions per AD user?

Access Policies > Max User Session Policy >  Max Session User Settings

- That would affect all my Access Policies.

Access Policies > Max User Session Policy >  Max Session Group settings

- That only shows internal groups and doesn't reflect my AD external group.

 

For example, certain AD users can have more sessions than other AD users.

Can that be done?

 

Dash

4 Replies

nspasov
Cisco Employee

Hi Dash-

 

Unfortunately there aren't any other options in restricting sessions for users in ACS. I had a similar request from a customer for ISE and ISE doesn't even support max sessions. I had requested that feature to be implemented so now we wait and see :)

 

Thank you for rating helpful posts!

Dash,

You can leverage the group mapping feature where members of a certain AD group are mapped to a local group in ACS with the max sessions defined.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-3/user/guide/acsuserguide/access_policies.html#pgfId-1162308

Thanks,

Tarik Admani

 


Okay, here is how you do it.

In the "Access Services", you select & edit the service you want to use & checkmark the Group Mapping option in it.

Then you will see a "Group Mapping" option beneath the access policy that you just edited in the left panel of the ACS.

Now select the "Group Mapping" option & select "Rule based result Selection" from the top. Now from the bottom right click "Customize" & add in "AD:External Group".

Now you can specify conditions for which AD Group you can map the Internal group & its related conditions, i.e. Max Session limitation.

Hope this helps.

Thanks Ahmed! Worked like a charm!
