Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
RichLeBlanc
New Contributor
New Contributor

Help on RADIUS profiles

Jump to solution

Hello All!

I am trying to archive the goal:

When a user with HelpDesk rights access a Cisco switch he is authorization on privilege level 7 when a user from Admin groups access the same switch he is authorization on privilege level 15.

What I have done so far:

I have created 2 Radius Profile on RSA

one is helpdesk with
Return List Attributes: Cisco-AVPAIR - shell:priv-lvl=7

the other one is the admin group with

Return List Attributes: Cisco-AVPAIR - shell:priv-lvl=15

 

I am trying to assign both these on the same Authentication Agent but the Agent is keeping only one of them, what I am doing wrong?

 

 

 

 

 

0 Likes
1 Solution

Accepted Solutions
EdwardDavis
Employee
Employee

One idea....

 

Assign the one 'most people' will use, to the agent.

Assign the one admins will use, to the admins themselves,

 

and set the system to use the user profile when both agent and user have a profile.

 

This way the admins profile will override the agent one.

 

Security Console, setup, system settings, radius.

pastedImage_1.png

 

 

 

Or, just assign profiles to users only.

View solution in original post

3 Replies
_EricaChalfin
Employee (Retired) Employee (Retired)
Employee (Retired)

FRED MANGINI‌,

I've moved your question to the RSA SecurID Access" data-type="space space where it will be seen by the product's support engineers, other customers and partners.  Please bookmark this page and use it when you have product-specific questions.

 

Alternatively, from the RSA Customer Support" data-type="space page, click on Ask A Question on the blue navigation bar and choose Ask A Product Related Question.  From there, scroll to RSA SecurID Access" data-type="space and click Ask A Question.  That way your question will appear in the correct space.

 

 

Regards,

Erica

0 Likes
EdwardDavis
Employee
Employee

One idea....

 

Assign the one 'most people' will use, to the agent.

Assign the one admins will use, to the admins themselves,

 

and set the system to use the user profile when both agent and user have a profile.

 

This way the admins profile will override the agent one.

 

Security Console, setup, system settings, radius.

pastedImage_1.png

 

 

 

Or, just assign profiles to users only.

Thank you, Edward,

your idea worked for me.