Chapter 12 Administering External User Databases
Database Group Mappings
12-12
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
Group Mapping by External User Database
You can map an external database to a Cisco Secure ACS group. Unknown users
who authenticate using the specified database automatically belong to, and inherit
the authorizations of, the group. For example, you could configure
Cisco Secure ACS so that all unknown users who authenticate with a certain
token server database belong to a group called Telecommuters. You could then
assign a group setup that is appropriate for users who are working away from
home, such as MaxSessions=1. Or you could configure restricted hours for other
groups, but give unrestricted access to Telecommuters group members.
While you can configure Cisco Secure ACS to map all unknown users found in
any external user database type to a single Cisco Secure ACS group, the following
external user database types are the external user database types whose users you
can only map to a single Cisco Secure ACS group:
• ODBC
• LEAP Proxy RADIUS server
• ActivCard token server
• PassGo token server
• CRYPTOCard token server
• RADIUS token server
• RSA SecurID token server
• SafeWord token server
• Vasco token server
For a subset of the external user database types listed above, group mapping by
external database type is overridden on a user-by-user basis when the external user
database specifies a Cisco Secure ACS group with its authentication response.
Cisco Secure ACS supports specification of group membership for the following
external user database types:
• LEAP Proxy RADIUS server
• ActivCard token server
• CRYPTOCard token server
• RADIUS token server
• Vasco token server
To Next Page
Loading...
