Two factor authentication with Cisco ACS 5.1 & Vasco

acharyr123
Level 3

Hi,

Can someone highlight how two-factor authentication can be implemented using Cisco ACS 5.1 & Vasco?

Rgds,

Partha

1 Reply

nowen
Level 1

Essentially, you want to use RADIUS between the two - stick to the standards for authentication to avoid lock-in. I don't have any docs for adding two-factor auth to the ACS, but I do have one for a VPN concentrator:

http://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-configure-a-cisco-vpn-concentrator-for-two-factor-authentication-from-wikid

While it makes the configuration up-front more complex, you should really run the authentication through your user directory for authorization first. The benefit is that disabling a user in your directory then prevents their credentials from even reaching the two-factor server. So, an AD admin or HR can disable a user without being an Admin on your 2FA server. Microsoft supports this using their RADIUS plugin called NPS. Here's a doc on running RADIUS through NPS, but using SSH as the network client - so substitute your ACS for the SSH server:

http://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-add-two-factor-authentication-to-nps

HTH,

Nick
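
The directory-first ordering described in the reply above, as an added example that is not part of the original post and is not NPS or ACS code: a minimal RADIUS (RFC 2865) gate that reads User-Name from an Access-Request and only forwards it toward the 2FA server when the directory says the account is enabled. The `DIRECTORY` dict, the function names and the sample users are hypothetical stand-ins for a real AD lookup.

```python
import hashlib
import os
import struct

ACCESS_REQUEST, ACCESS_REJECT = 1, 3   # RFC 2865 packet codes
USER_NAME = 1                          # RFC 2865 attribute type

# Constructed stand-in for the directory lookup: name -> account enabled.
DIRECTORY = {"alice": True, "bob": False}

def build_request(ident, user, extra_attrs=b""):
    """Build a minimal Access-Request carrying a User-Name attribute."""
    name = user.encode()
    attrs = bytes([USER_NAME, len(name) + 2]) + name + extra_attrs
    header = struct.pack("!BBH16s", ACCESS_REQUEST, ident,
                         20 + len(attrs), os.urandom(16))
    return header + attrs

def user_name(packet):
    """Walk the attribute TLVs and return the User-Name, or None."""
    length = min(struct.unpack("!H", packet[2:4])[0], len(packet))
    pos = 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            return None                # malformed attribute: no usable name
        if atype == USER_NAME:
            return packet[pos + 2:pos + alen].decode(errors="replace")
        pos += alen
    return None

def gate(packet, secret):
    """Decide what happens before the 2FA server ever sees the request."""
    if len(packet) < 20 or packet[0] != ACCESS_REQUEST:
        return ("drop", b"")
    if DIRECTORY.get(user_name(packet), False):
        return ("forward", packet)     # enabled user: OTP goes on to the 2FA server
    # Disabled or unknown user: answer locally, nothing is forwarded.
    header = struct.pack("!BBH", ACCESS_REJECT, packet[1], 20)
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    auth = hashlib.md5(header + packet[4:20] + secret).digest()
    return ("reject", header + auth)
```

Unknown users are rejected the same way as disabled ones, so the 2FA server only ever receives requests for accounts the directory currently vouches for.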