We are currently deploying RSA Adaptive authentication which uses a secondary authentication option. We currently use RSA Hard/Soft Tokens and are limiting the use of Adaptive auth via an AD Group. Is there a way to do the following:
User logs in with Active Directory username and password on the first page, if that is successfull the group is checked. If in group A use adaptive auth as the secondary authentication option, if not use RSA as the second authentication option.
This would not be easy configuration with the SA device. Group attribute are used to mapped users to specific roles after authentication has been performed. In your scenario, you would want to do this in between the first and second authentication.
Theoritically, this may be possible through some customization. If the SA device is configured for a single AD authentication and map the users via group lookup to two different roles. Depending on these roles, you could configure the start up page to point to two different pages for either adapative authentication or RSA authentication. However, these two pages would need to be customization authentication pages outside the SA configuration.
I'll continue to think about this one and update if I have any additional thoughts.
Much appreciated Kita, if you think of something that would be a great help. We may need to do something special on our side to handle this but if the SA could handle it via a custom login page or something it would be easier.