Cisco 3.3 User Manual

Chapter 16 User Group Mapping and Specification

Group Mapping by Group Set Membership

16-8

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Step 6

If you are mapping a Novell NDS group set, click the name of the Novell NDS
tree for which you want to configure group set mappings.

The Group Mappings for NDS Users table appears.

Step 7

Click Add Mapping.

The Create new group mapping for database page opens. The group list displays
group names derived from the external user database.

Step 8

For each group to be added to the group set mapping, select the name of the
applicable external user database group in the group list, and then click Add to
selected.

Note

A user must match all the groups in the Selected list so that Cisco Secure
ACS can use this group set mapping to map the user to a Cisco Secure
ACS group; however, a user can also belong to other groups (in addition
to the groups listed) and still be mapped to a Cisco Secure ACS group.

Tip

To remove a group from the mapping, select the name of the group in the
Selected list, and then click Remove from selected.

The Selected list shows all the groups that a user must belong to in order to be
mapped to a Cisco Secure ACS group.

Step 9

In the CiscoSecure group list, select the name of the Cisco Secure ACS group to
which you want to map users who belong to all the external user database groups
in the Selected list.

Note

You can also select <No Access>. For more information about the <No
Access> group, see

No Access Group for Group Set Mappings,

page 16-5

.

Step 10

Click Submit.

The group set you mapped to the Cisco Secure ACS list appears at the bottom of
the database groups column.