I would like to assign Roles to users using external authentication via Radius (ACS 5.2). The Ironport user guide documentation says that I have to map a Radius Class to a Role, but I don't know what attribute to add or modify in ACS 5.2 in order to make it work.
Thanks in advance.
I will have to investigate this further to provide you with an answer.
WSA Cisco Forums Moderator
You need to use Radius Class 25 Attributes to map the username to the role you need.
I have tested it and it is working fine.
On the ACS, you need to add the WSA as an AAA Radius client and then create an authorization profile, and on Radius Attributes, you need to create attributes with Value "username", which will be used to log in.
Also you need to complete the policy element configuration for the WSA.
On the WSA, you need to configure it like the following:
On the Group-Mapping, the RADIUS CLASS attribute is the same as "username" configured on the ACS with the Class 25 attributes.
Ex: "test", or "cisco" and then map it to the role (Administrator, Operator, ....)
Then log in to the device using the username/password. If you need to check that it is working, try the Guest role for testing purposes; the Reporting page will appear only with this role.
If you have any questions, let me know.