
Cisco ACS Policy Mapping

vita_user
Level 1

Hello,

I have a question about the policy mapping in ACS 5.4.

When a request matches in "Access Selection Rule" the request goes to an "Access Service".

In "Access Service" there are three kinds of policy rules:

- Identity:

If condition matches then result "Identity Source"

- Group Mapping:

If condition matches then result "Identity Group"

- Authorization:

If condition matches then result "Auth Profile"

Q1:

For example:

The user "Test" is registered in Internal Users with a local password. But now I want to authenticate the user "Test" from an RSA token server. How can I configure this rule in "identity policy"? Which condition matches to choose the identity source? I will set the internal user with an attribute enumeration field like "Password". The administrator should have an option to choose "local database password" or "token passcode".

Q2:

What does it mean: "Group mapping"?

Thx for your answer!

Stefan

1 Reply

edwjames
Level 3

Hi Stefan,

The user "Test" is registered in Internal Users with a local password. But now I want to authenticate the user "Test" from an RSA token server. How can I configure this rule in "identity policy"? Which condition matches to choose the identity source? I will set the internal user with an attribute enumeration field like "Password". The administrator should have an option to choose "local database password" or "token passcode".

In the identity policy, if you click on Select, you can select the type of database; you can choose RSA (you will first need to create the connection under Users and Identity Stores --> External Identity Stores --> RSA SecurID).

Another way is to continue to use the internal users DB, but you go to that user internally and select the password type to be RSA

(you will first need to create the connection under Users and Identity Stores --> External Identity Stores --> RSA SecurID).

Group mapping is a feature to assign a local identity group as a result by chosen conditions.

E.g.:

If (Active Directory group x) Then (Internal group x)

The IF is the condition and THEN is the result.

https://supportforums.cisco.com/docs/DOC-34890

Hope this helps.

Ed

**Share your knowledge. It’s a way to achieve immortality. --Dalai Lama** Please Rate if helpful. Regards Ed
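An added illustrative model (not Cisco code, and not from either post in this thread) of the three ordered, first-match rule tables described above: the identity policy picks the identity store, group mapping turns an external group into an internal identity group, and authorization keys off that mapped group. The rule names, group names, profile names and the per-user `password_type` attribute are constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Request:
    """Attributes ACS could evaluate for one authentication request (constructed)."""
    username: str
    ad_groups: set = field(default_factory=set)
    password_type: str = "local"      # hypothetical per-user attribute: "local" or "token"
    identity_group: str = ""          # filled in by the group-mapping step


def first_match(rules, default, req):
    """Ordered rule table: result of the first rule whose condition holds, else the default."""
    for name, cond, result in rules:
        if cond(req):
            return name, result
    return "default", default


# Identity policy: condition -> identity source (Q1: token users go to the RSA store)
IDENTITY_RULES = [
    ("token-users", lambda r: r.password_type == "token", "RSA SecurID"),
]
# Group mapping: condition -> internal identity group ("If (AD group x) Then (Internal group x)")
GROUP_RULES = [
    ("netadmins", lambda r: "AD-NetAdmins" in r.ad_groups, "All Groups:NetworkAdmins"),
    ("helpdesk", lambda r: "AD-Helpdesk" in r.ad_groups, "All Groups:Helpdesk"),
]
# Authorization: condition on the mapped internal group -> authorization profile
AUTHZ_RULES = [
    ("admin-full", lambda r: r.identity_group == "All Groups:NetworkAdmins", "Priv15-Access"),
    ("helpdesk-ro", lambda r: r.identity_group == "All Groups:Helpdesk", "Priv1-Access"),
]


def evaluate(req):
    """Run the three tables in order and return each step's decision."""
    _, source = first_match(IDENTITY_RULES, "Internal Users", req)
    _, group = first_match(GROUP_RULES, "All Groups", req)
    req.identity_group = group                       # authorization sees the mapped group
    _, profile = first_match(AUTHZ_RULES, "DenyAccess", req)
    return {"identity_source": source, "identity_group": group, "authorization_profile": profile}


if __name__ == "__main__":
    # Constructed sample: user "Test" with a token password who is in an AD admin group
    print(evaluate(Request("Test", {"AD-NetAdmins"}, password_type="token")))
    # Constructed sample: a user matching no rule falls through to every table's default
    print(evaluate(Request("guest")))
```

A request that matches no rule in a table gets that table's default, so the defaults (here "Internal Users", "All Groups", "DenyAccess") decide what an unanticipated user can do.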