If I want to assign different levels of privilege (super user, read-only user) for different user groups (support and admin group), how can I do this?
How can I create groups and assign users (admin and support)?
I would like to know which RADIUS client (Cisco or other) you are using with the RSA AM server so that we can get a clear picture of the configuration. Every client will have a different set of attributes for privileges which should be passed in the response messages.
I am attaching one article below, which is for a Cisco product, to help understand the configuration related to user privileges. Please go through it and let me know if you have any questions.
000033955 - How to configure RADIUS profiles to segment user permissions in Cisco devices for RSA Authentication Manager 8.x
Thanks for the reply. This is not a Cisco device. I configured it through the RSA Security Console (is that the same as RSA AM?).
How do I assign the profile to the group instead of users?
Radius profiles cannot be assigned to a group.
They can be assigned to the agent, a user, or the 'system as a default profile'.
Logic to decide which profile to use for any login, if there are more than one, is set on Security Console, Setup, System Settings, Radius:
I want to use multiple profiles for a single user. For example, if the user wants to use VPN (Cisco ASA), it has to use one profile.
If the same user wants to use another device, he has to use another profile.
How can I do that?
Multiple profiles can be done by creating logon aliases, and assigning the profile to the alias name, and assigning the group to an agent.
Example. My name is zaz, this is my authentication settings screen lower section...
zaz is a member of two groups, moon and aliasgrp.
zaz has two aliases, zaz2, and frisky, assigned to group.
Whichever agent I have group restriction set for [aliasgrp], I can log in as zaz or zaz2.
If I log in as ZAZ, I get ADVA profile assigned. ADVA is my default profile.
If I log in somewhere else as ZAZ2, I will get the profile assigned to my alias name which is CISCO AV_PAIR.
So, I will need to use different login IDs on each device, but it is always user ZAZ doing all the authentication, and the profile will change based on what userid I used to log in... my real userid or one of my aliases with a different profile.
Here you used ADVA. Is that a MODEL name? If yes, I am struggling with the device only.
Could you please share the details of the RADIUS attributes for the model?
ADVA is simply a made-up name of a profile. You'll need to consult with the 3rd party documentation regarding what specific attributes you need to build in a profile for your particular device and settings.
This diagram may be helpful to describe how profiles and attributes are used and obtained during authentication: