Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Secondary Authentication based on AD Group attribute

dalbers_
New Contributor
‎05-10-2013 12:58:PM
‎05-10-2013 12:58:PM

Secondary Authentication based on AD Group attribute

We are currently deploying RSA Adaptive authentication which uses a secondary authentication option.   We currently use RSA Hard/Soft Tokens and are limiting the use of Adaptive auth via an AD Group.  Is there a way to do the following:

User logs in with Active Directory username and password on the first page, if that is successfull the group is checked.   If in group A use adaptive auth as the secondary authentication option, if not use RSA as the second authentication option.

 

Thank you!

 

0 Kudos
2 REPLIES 2
Kita_
Valued Contributor
‎05-10-2013 06:12:PM
‎05-10-2013 06:12:PM

Re: Secondary Authentication based on AD Group attribute

This would not be easy configuration with the SA device.  Group attribute are used to mapped users to specific roles after authentication has been performed.  In your scenario, you would want to do this in between the first and second authentication.

 

Theoritically, this may be possible through some customization.  If the SA device is configured for a single AD authentication and map the users via group lookup to two different roles.  Depending on these roles, you could configure the start up page to point to two different pages for either adapative authentication or RSA authentication.  However, these two pages would need to be customization authentication pages outside the SA configuration.

 

I'll continue to think about this one and update if I have any additional thoughts.

0 Kudos
dalbers_
New Contributor
‎05-12-2013 04:02:PM
‎05-12-2013 04:02:PM

Re: Secondary Authentication based on AD Group attribute

Much appreciated Kita, if you think of something that would be a great help.  We may need to do something special on our side to handle this but if the SA could handle it via a custom login page or something it would be easier.

 

Thank you!

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.