Showing results for 
Search instead for 
Did you mean: 

Role Mapping Rule on Secondary Server

Frequent Visitor

Role Mapping Rule on Secondary Server

Hello, we are currently using the DUO MFA RADIUS server for our primary authentication method for a particular user realm. An Active Directory server is configured as the secondary authentication method. Is there any way to configure Role Mapping such that we can query the user group from the secondary authentication method (AD) in our role mapping rule? We would like to avoid individually adding users using a "Rule based on: Username" rule.


It seems that the Group Membership option to create a rule only works when AD is the primary authentication method. Any way to get this done by perhaps a user attribute when our AD server is secondary? The secondary authentication method is configured specifically as an AD server, not LDAP


Re: Role Mapping Rule on Secondary Server

Well... the group membership  role map is done accordly to the "User Directory/Attribute" server. By default if you select as primary authentication server an AD server "User Directory/Attribute" is set as "same as above".

Since you are using as primary authentication DUO you need to add to your configuration a LDAP server and set it as "User Directory/Attribute" server