03-15-2013 08:27 AM
I have a network with many subnets and i want to run the authentication based on the security groups in the Active directory, but i am confused how could i do the identity, how should i configure it.
should i ask authentication for all, but how could i specifiy the group in the Active Directory because i want to treat the users based on their groups??
And i want to run SSO also, could you help me with a detailed steps???
Thanks alot
03-17-2013 02:37 PM
Where exactly do you want to configure the authentication? ON ASA? WSA? ScanSafe Connector? and what are you trying to use the authentication for? Web traffic? IDFW? VPN?
03-17-2013 02:41 PM
i want to configure it on the WSA and this authentication will be for Web traffic
03-17-2013 02:53 PM
Sure you can..
Here is the configuration guide for your reference:
http://www.cisco.com/en/US/docs/security/wsa/wsa7.5/user_guide/WSA_7.5.0_UserGuide.pdf
Authentication starts from chapter 20 (page: 20-1), and for SSO, you would need to use NTLM.
Hope that helps.
03-17-2013 02:57 PM
I know the configuration Guide but i want a detailed Step by Step for the Identity and the Realm and the policy and the SSO. If you can help.
03-17-2013 03:12 PM
Well, the config guide provides you with detailed step by step information on how to configure each section
Of course it doesn't provide you with a specific scenario of how to configure the authentication then the identity, etc etc as there will be many different scenarios to configure it.
You can search the following knowledge based article for a more specific steps:
https://ironport.custhelp.com/
Example of article: How do I create Access Policy Groups that match Active Directory Groups?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide