Cisco Systems OL-24201-01 Camera Accessories User Manual


 
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 8 Managing Users and Identity Stores
Managing External Identity Stores
Click Save Changes to save the configuration, join the ACS to the specified AD domain with the
configured credentials, and start the AD agent.
Click Discard Changes to discard all changes.
If AD is already configured and you want to delete it, click Clear Configuration after you verify
that:
- There are no policy rules that use custom conditions based on the AD dictionary.
- AD is not chosen as the identity source in any of the available access services.
- There are no identity store sequences that include AD.
The Active Directory configuration is saved. The Active Directory page appears with the new
configuration.
Note The Windows AD account that joins ACS to the AD domain can be placed in its own Organizational
Unit (OU). It can be placed there either when the account is created or later, with the restriction
that the appliance name must match the name of the AD account.
Note The Centrify configuration is affected (and is sometimes disconnected) when the server responds
slowly while you test the ACS connection with the AD domain. However, it works fine with the other
applications.
Note Due to NetBIOS limitations, ACS hostnames must contain 15 characters or fewer.
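The two naming restrictions in the notes above (the 15-character hostname limit and the appliance name matching the AD account name) can be checked before a join is attempted. The following is an added example, not part of the Cisco guide or of ACS. The node names, the character-set rule and the handling of a trailing "$" are assumptions, and it goes beyond the notes by also flagging names that become identical when cut to 15 characters.

```python
import re

NETBIOS_MAX = 15  # hostname limit stated in the note above

# Assumption: the guide gives only the length limit. This conservative
# character set (letters, digits, inner hyphens) is added for the example.
_LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")


def check_hostname(hostname, ad_account=None):
    """Return a list of problems for one ACS hostname (empty list = OK)."""
    problems = []
    short = hostname.split(".", 1)[0]  # drop any DNS suffix
    if len(short) > NETBIOS_MAX:
        problems.append(f"{short}: {len(short)} characters, limit is {NETBIOS_MAX}")
    if not _LABEL_RE.match(short):
        problems.append(f"{short}: contains characters outside A-Z, 0-9, '-'")
    if ad_account is not None:
        # Assumption: a trailing '$' (as carried by AD machine accounts)
        # is ignored if present; the comparison is case-insensitive.
        if ad_account.rstrip("$").lower() != short.lower():
            problems.append(f"{short}: does not match AD account {ad_account}")
    return problems


def truncation_collisions(hostnames):
    """Group hostnames that become identical once cut to 15 characters."""
    seen = {}
    for h in hostnames:
        key = h.split(".", 1)[0][:NETBIOS_MAX].upper()
        seen.setdefault(key, []).append(h)
    return {k: v for k, v in seen.items() if len(v) > 1}


# Constructed sample inventory: hostname -> AD account name (hypothetical).
NODES = {
    "acs-primary": "ACS-PRIMARY$",
    "acs-secondary-dc1": "ACS-SECONDARY-DC1$",
    "acs-secondary-dc2": "ACS-SECONDARY-DC2$",
    "acs-lab": "ACSLAB$",
}

if __name__ == "__main__":
    for host, account in NODES.items():
        for problem in check_hostname(host, account):
            print("FAIL", problem)
    for key, hosts in truncation_collisions(NODES).items():
        print("COLLISION", key, hosts)
```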
Related Topics
Selecting an AD Group
Configuring AD Attributes
Selecting an AD Group
Use this page to select groups that can then be available for policy conditions.
Note To select groups and attributes from an AD, ACS must be connected to that AD.
Step 1 Select Users and Identity Stores > External Identity Stores > Active Directory, then click the
Directory Groups tab.
The Groups page appears. The Selected Directory Groups field lists the AD groups you selected and
saved. The AD groups you selected in the External User Groups page are listed and can be available as
options in group mapping conditions in rule tables.
If you have more groups in other trusted domains or forests that are not displayed, you can use the
search filter to narrow down your search results.
Step 2 Click Select to see the available AD groups on the domain (and other trusted domains in the same forest).