Database Group Mappings | Cisco Access Control Security: AAA Administration Services

After you complete the setup of the database that you want to use with ACS, you can then set up a database group mapping. This maps a group to an external server. This way when users are authenticated by way of one of the external servers, they are placed in the corresponding group in the mapping configuration.

To configure the database group mapping, perform the following steps:

Step 1.	Select the Database Group Mappings link from the External Database Configuration page.
Step 2.	Select the external server that you want to assign a group to.
Step 3.	Using the drop-down menu, choose the group to place authenticated users of this database in.
Step 4.	Select the Submit button. This completes the configuration of unknown user database group mappings.

In addition to this simple mapping, ACS also supports the following:

Group mapping by external user database group membership
RADIUS group specification

The group mapping by external user database group membership allows you to map more than a database to a single group for some external database types. An example of this would be a Windows database in which ACS can make use of external group membership to dynamically determine the ACS group membership. The RADIUS group mapping enables you to specify on the RADIUS server the group the user is placed in, and this value is returned in the token server's authentication response. You can also use an ODBC database to specify the group assignment in ACS.