Group Policy matching via LDAP Groups with MFA?

michael3k
Level 1

Hello,

currently we match users authenticated via LDAP to Group Policies via LDAP attribute maps by Group memberships.

In the future we plan to introduce 2FA/MFA via RADIUS. How can we still get the LDAP groups and match the users to group policies?

Or is it possible to do 2FA/MFA via LDAP?

LDAP/RADIUS is Novell eDirectory/AAF.


Pavan Gundu
Cisco Employee

Assuming you are running ASA, you can capture RADIUS attribute 25 to assign the group policy.
Of course, the RADIUS server should have RADIUS attribute 25 configured to some OU.

Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa919/configuration/general/asa-919-general-config/aaa-radius.html#ID-2113-00000029

Thank you for your help.

Yes, we are running ASA and I read through the doc. So with RADIUS there is no configurable mapping of the groups to the policy, so I assume the attribute 25 has to have the same value as the policy name, right?

Yes, attribute 25 value should exactly be the group policy name you created on the ASA.
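
An added example, not part of the thread and not Cisco's code: a Python check that pulls the Class attribute (RADIUS attribute 25) out of a captured Access-Accept and compares it, as an exact string, against the group policy names defined on the ASA. The policy names and sample packets are constructed, the function names are hypothetical, and accepting an `OU=<name>;` wrapper around the name is an assumption based on the first reply's mention of an OU.

```python
import struct

CLASS_ATTR = 25      # RADIUS Class attribute (RFC 2865)
ACCESS_ACCEPT = 2    # RADIUS packet code for Access-Accept

def parse_radius(packet):
    """Return (code, [(attr_type, value_bytes), ...]) for a raw RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20          # attributes start after the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs

def policy_from_class(packet, known_policies):
    """Return (class_text, matched_policy_or_None) for an Access-Accept."""
    code, attrs = parse_radius(packet)
    if code != ACCESS_ACCEPT:
        raise ValueError("not an Access-Accept")
    for a_type, value in attrs:
        if a_type != CLASS_ATTR:
            continue
        text = value.decode("utf-8", errors="replace")
        name = text
        # Assumption: the server may wrap the policy name as "OU=<name>;".
        if name.startswith("OU="):
            name = name[3:].rstrip(";")
        # Exact, case-sensitive comparison with the ASA group policy names.
        return text, (name if name in known_policies else None)
    return None, None            # the server sent no Class attribute at all

def build_accept(class_value, ident=1):
    """Build a constructed Access-Accept (authenticator zeroed, not validated)."""
    attr = bytes([CLASS_ATTR, 2 + len(class_value)]) + class_value
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attr))
    return header + bytes(16) + attr
```

A result of `(value, None)` means the RADIUS server is sending a Class value that matches no policy name in the set, which is the mismatch the last reply warns about; `(None, None)` means attribute 25 is not being sent.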