We are looking at integrating an RSA Authentication Manager appliance with a SEL-3620 Ethernet Security Gateway. The SEL device documentation (sign in required) references integration with RSA Authentication Manager version 7.1.
The documentation has us create a dictionary with custom attributes which will be passed back on successful user authentication. These values determine the user's privileges on the SEL device. The documentation has us create a RADIUS profile on the RSA Authentication Manager for each possible set of attribute values. For example, the user is a "Technician" in the group "read-only". Not mentioned in the documentation is a method to map a RADIUS profile to an AD group.
Two-part question:
1.) Is there a way to automatically map users in a certain group to a specific RADIUS profile?
2.) Is there a better way to return custom attributes (which are mapped to AD groups) back to the SEL device upon successful authentication?