Cisco ACS. Two-factor authentication.


We intend to use the connection diagram: cisco asa + cisco acs 5.4 + rsa securid.
We use two groups on Cisco ACS. Group "A" must use two-factor authentication, and the 'B' group don't.
How to create this rule?

Perform the rule base identity selection with dap-tunnel-group-name as a selector.

ASA will send auth request name of the tunnel group.

Attached example.

Tags: Cisco Security

Similar Questions

  • ACS 5.2 GANYMEDE + and two-factor authentication?

    I am trying to wrap my head around this topic and fault.  I want to configure two-factor authentication via ACS 5.2 GANYMEDE + without having to use a token (such as RSA).  Is it possible to do?

    More information:

    Users of the areas without AD link will connect to routers and switches.

    Is there an available certificate server to generate certificates.

    SSHv2 is the current Protocol of the connection.

    Thank you!

    Without RSA, I don't see a way to do this.

    With Ganymede all you have


    password: xxxxxx

    ciscoasa > activate

    password: xxxxxx

    above you use 2 login password and activate it.

    Jatin kone

    -Does the rate of useful messages-

  • Two factor authentication to cisco anyconnect using certificates

    I plan to factor authentication two configuration, and intend to buy thawte Certificate, but need help to choose which certificate do I need to buy. Can I purchase a code signing ssl certificate and use it to two-factor authentication? If this is not the case, what should I buy and what is the procedure?



    Hi, NH,

    I see that you have authentication two factor for customers who connect to your network by using AAA + certificates head.

    I also see that you are looking to get the signed certificate from Thawte.

    > In two authentication factors in your scenario, the client when the connection must present the name of user and password and a client certificate to complete the authentication.

    > You can get the client signed any Public certificate authority (CA) certificate.

    > The certificate with the key usage extension attribute value, such as the authentication of the Client can only be used by the client during client certificate authentication.

    > If extended key usage does not 'Authentication of customer' as one of its value then this certificate cannot be used for authentication of the client certificate.

    > Now, once you get the client certificate and installed it on the post, and currently the head of network during authentication may fail once again validating the certificate of the network head as it is necessary that the head of network must have the certificate root certificate Client installed in his store of Certificate Authority (CA).

    Kind regards

    Nouredine Sethi

  • Help: GBA 5.4 two factor authentication

    Dear all,

    We present ACS POC in one of our client.

    We have done using GANYMEDE authentication + AD user with different previllages and works very well.

    And also, we implemented a secure RSA ID authentication and his works fine.

    our client need for two-factor authentication using the RSA secureID and AD password ID password (via GANYMEDE +).

    can someone help me how to implement this scenario?

    It is very urgent, please help me how to implement two authentication using RSA secure ID and user name and password.

    Thank you


    Hi again,

    You should be able to find the information you need here:

    Useful section:

    With two-factor authentication identity stores

    See you soon


  • Two-factor authentication

    On my iMac after Sierra was an option to unlock with Apple Watch (security preferences panel). I click it and it says I need to disable the verification of two factor and enable two-factor authentication. Fine.

    Did. Now the option to activate Apple Watch unlock on the mac has disappeared.

    It works on my other Mac but not the iMac.

    Also in the preferences to iCloud account, then on devices, I see that my Apple Watch can be used to receive the codes!

    Someone knows how to fix these?

    Tried to run iCloud power switch, disconnect the watch and repair, restart everything.

    Just to be clear, the Mac is capable of auto unlock, it's an iMac end of 2015 and system report confirms it is compatible.

    The apple support page also suggests watches should be able to receive the codes:

  • Can I choose my device of trust preferred to iCloud two-factor authentication?

    I've recently implemented Icloud two-factor authentication, because I love the he adds extra security.

    As usual, I have my macbook on me, I also have to log on windows pc, every now and then.

    Unfortunately, ICloud chooses my headless mac mini which I use as a server at home instead of my laptop or Iphone.

    I would like to stop receiving the confirmation on this machine code, everyone was faced with a similar problem?

    If so how to solve it?

    Codes to go to all the secure devices.

    Of course, you can trust features remove at any time.

  • Why Apple has the code of two factor authentication on the same device that I log in with?

    I just installed Sierra and chose to use the two factor authentication with my iPhone chosen as a device to receive the code.

    But then, Apple displays a digit code 6 on my Mac itself and then asked me to go on my Mac.

    What sense does that make?

    A wild guess - were you log into your account in Safari on Mac when he showed you the digit code 6 on Mac? And you had already completed the sign-in icloud in System Preferences?

    If so, the macOS has been approved, but Safari wasn't. If macOS was able to show the code. It seems strange to first have the same computer application and provide the code, but really it is two layers of security and you had gotten through the first layer already.

  • two-factor authentication is not available for your apple at the moment ID

    (two-factor authentication is not available for your apple at the moment ID), how can I solve this problem? I can't run many features such as Apple Watch unlock in Sierra, please help

    I had this same problem, the message that, ' two-factor authentication is not available for your apple at the moment ID. " All my devices have been updated to the latest version of the software, and all other requirements have been met. I couldn't use two-factor authentication and I couldn't open my mac using my Apple Watch.  After contacting the Apple Support, they told me that because I had an email address older, this address was not "verified." And that the system was not able to verify the address by sending an email with a link as it does normally; He could do that for more recent @me and addresses of @icloud. Apple had to have a service technician manually to send me an email of check to my address I clicked on the link in the email (I don't need to enter other information), and two factors was not available instantly. Hope that you will find your problem will be solved.

  • Trusted devices two-factor authentication

    I'm selling my iphone more than 6 s and need to erase and I use two-factor authentication and need to remove it from the list of secure devices, so what do I do first the trusted device erase or delete?

    Erasure of the device is not related to her being a device of trust. They are distinct from the "things".

    See here > > > for Apple ID - Apple Support two-factor authentication

  • How can I configure on a second two-factor authentication apple that isn't an icloud but rather my itunes account account ID? Only, I seem to be able to use two steps on the second account.

    How can I configure on a second two-factor authentication apple that isn't an icloud but rather my itunes account account ID? Only, I seem to be able to use two steps on the second account.

    You can not. Two Apple factor authentication is a feature of iOS and OS X, based on your AppleID being associated with iCloud account to send and receive authentication 6-digit codes. An AppleID that is not associated with iCloud account cannot be used for 2-factor authentication.

    For Apple ID - Apple Support two-factor authentication

    You can set up validation in 2 steps (which is different) with any AppleID - see frequently asked questions about check in two steps for Apple ID - Apple Support

  • How to restore two-factor authentication?

    How can I restore two factor authentication after having set up authentication in two steps?

    I use:

    • OS X El Capitan v 10.11.5 on MacBook Pro 13 "early 2015
    • 9 IOS on iPhone 4S

    I have mistakenly set up authentication in two steps without realizing that the improved two-factor authentication is built into iOS 9 and OS X 10.  I must have forgotten two-factor authentication configuration when I implemented the new MacBook a year ago.

    Try turning off authentication step 2 to see if you have then the possibility to select.

  • Two-factor authentication not shown

    I read the link on the support of authentication article two-factor and I followed his suggestion to have a credit card on file.

    For my iCloud account, I don't see the selection option of authentication to two factors on one of my macs and one of my iPhones.   I'm under 10.11.5 on the macbook pro and 9.3.2 on my iPhone 6.

    I have not tried the other my Mac to see if the option is available.

    How can I get two factor authentication enabled?

    Should I just call Apple support?

    You have enabled audit stage 2.

  • Problem with the two factor authentication with Apple TV.

    I tried to connect to my Apple TV (2nd generation, operating system and updates are up-to-date), log-in failed and indicated that I had to use two-factor authentication which I recently install on my trust Apple devices which included my iMac, iPhone and iPad. As expected, I received a notice on my Apple devices trust with the verification code to six figures to add this code to six figures at the end of my password when signing in the Apple TV. I put my password and add the code check digit at the end on my password. It did not work. Now I can not connect. Any suggestions to connect to Apple TV using 2nd generation two-factor authentication? This Apple TV device is not supported?

    There is model of Apple TV MC572LL/A with Apple TV software version 6.2.1

    Model identifier is AppleTV2, 1

    Model number is A1378

    People have been facing difficulties with this process. I have not encountered such difficulties then have not had the opportunity to test solutions. While a little pain can I suggest that you disable temporarily two authentication step until you have set up your Apple TV.

  • Need to disable CGI, I have two-factor authentication, but I don't have the phone number or device with me. What can I do?

    Need to disable CGI, I have two-factor authentication, but I don't have the phone number or device with me. What can I do?

    For Apple ID - Apple Support two-factor authentication

    If I can not connect, how I again to access my account?

    If you can't sign in, reset your password, or receive verification codes, you can account recovery application to restore access to your account. Account recovery is an automatic process designed to help you back into your account as soon as possible while denying access to anyone who might be impersonating you. It may take a few days - or more - depending on the specific account information, you provide to verify your identity.

    It will be your option. If you try to find an iPhone with locking Activation that you don't remember the password, you can remove the account from the iPhone with the help of Apple's Support with the receipt of the initial purchase of the iPhone as a way to prove that you are the real owner of this iPhone.

  • Two factor authentication, how to store Cookies?

    So, I began to set up authentication two factor for various connections I have. As a normal practice, whenever I have close no matter what browser I have delete all cookies, and when my computer is shut down I get a Norton scan for cookies and delete them. The problem is that it removes my two factors authentication cookies I need. I tried the implementation of an exception, but the cookies are deleted anyway. How can I set this up to work, that is to say protect specific cookies from deletion?

    In Internet Explorer, it's extremely easy to do. All do you is put a check mark next to "preserve the favorite Web site data"... Fact. In Firefox, you would think is equivalent to "Preferences of Site", but it works the same in IE and cookies are deleted.


    I finally thought to try different combinations. Unlike the way I expect it works with the exceptions of cookie, the ' * ' character match only matches the 'cookie name', not all the path for a while in the 'site name'. In other words, *. will not protect the cookies which are also under In this case both *. and *. are necessary. As an example of the real world, the exceptions that work with Google two-factor authentication, which covers 20 + cookies that must be preserved, are:

    (Once more, the forum I cannot enter the character 'stars' on the keyboard in what appears on the forum as a url)

    (enter starting here)
    (enter starting here)
    (enter starting here)
    (enter starting here)
    (enter starting here)
    (enter starting here)

Maybe you are looking for

  • Satellite U940 - SSD drive shows only 11.22 GB

    Hello I had a new Satellite U940 - B484 Ultrabook.The first thing I did was finishing the wizard, then I created the recovery media (using external DVD drive) on three discs 4.7 GB DVD We have Windows 8 Pro license, so my friend formatted the system

  • HP 15-r036tu - is the 1600 Mhz DDR3 RAM compatibility

    I have a HP 15-r036tu - I just want to know if 1600 Mhz DDR3 RAM is compatible with your laptop. The laptop has 1 single slot memory. When I run utility CPU - Z, it shows that the existing memory is of type PC-12800. Can I upgrade it to 4 GB to 8 GB

  • application 802.11

    Hi all Recently, I started working with the 802.11 infrastructure application with the USRP2953. Without knowing much more about the framework, I need to ask this question: is it possible to extract the logic of the framework and run independently fr

  • Skype installation failure

    Try to install Skype I got an error message (see below) and had to quit the installer. Error message: the drive or the UNC share, you have selected does not exist or is not accessible. Please select another. I did not select a player and do not know

  • BlackBerry smartphones how is I can't make videos more?

    my blackberry Curve 8310 used to make me make videos on it, but now, whenever I want to make a video it says "to record a video, insert a formatted media card" and I don't have a media card. can someone help me?