ACS AD Integration and Management

After installing the ISO onto a VM, or booting the appliance with the basic network configuration, follow the steps below to integrate ACS with Active Directory.

Joining ACS to Active Directory

>> Users and Identity Stores >> External Identity Stores >> Active Directory >> General Tab

  • Select ACS Node
  • Click Join
  • Enter domain name
  • Enter the username and password of an AD account with permission to add computer objects to the domain
  • Status should change to “Joined and Connected”
  • Save Changes

Adding AD Groups to ACS

>> Users and Identity Stores >> External Identity Stores >> Active Directory >> Directory Groups Tab

  • Click Select
  • Browse the AD groups – you may need to specify the AD group name (by default, 100 random groups are displayed)
  • Save Changes

Enable Domain if the DC manages multiple domains

>> System Administration >> Administrators >> Administrative Access Control >> Authentication Domains

  • If there are multiple domain names, verify that the “Authenticate” column is set to YES

Enable ACS to authenticate via AD

>> System Administration >> Administrators >> Administrative Access Control >> Identity

  • Change “Identity Source” to AD1
  • Save Changes

Mapping ACS management permissions to the AD group created above

>> System Administration >> Administrators >> Administrative Access Control >> Authorization

  • Customize – Lower Right
  • Remove “System:UserName”
  • Add “AD1:ExternalGroups”
  • Add “Compound Conditions”
  • OK
  • Save Changes
  • Click on Create – Lower Left
  • Enter Name “ACS Administrators”
  • Status – Enable
  • Check/Enable Conditions
  • Select Previously created AD Group
  • Select Roles
  • Check/Enable SuperAdmin or the relevant role
  • OK twice
  • Save Changes

Log out
Log on via an AD user account
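
Once an AD group is mapped to SuperAdmin, membership of that group decides who can administer ACS. The PowerShell below is an added example, not part of the original procedure: it uses the ActiveDirectory module to list the group's effective members and flag accounts worth reviewing. The group name and the 90-day threshold are placeholders.

```powershell
#Requires -Modules ActiveDirectory
# Added example: audit the AD group that was mapped to an ACS administrator role.
# Assumption: 'ACS-Admins-PLACEHOLDER' stands in for the group selected on the
# Directory Groups tab; replace it with the real group name.
param(
    [string]$GroupName = 'ACS-Admins-PLACEHOLDER',
    [int]$StaleDays = 90
)

Import-Module ActiveDirectory
$cutoff = (Get-Date).AddDays(-$StaleDays)
$group  = Get-ADGroup -Identity $GroupName

# -Recursive expands nested groups, so indirect paths into the group are visible.
$members = Get-ADGroupMember -Identity $group -Recursive |
    Where-Object { $_.objectClass -eq 'user' }

$report = foreach ($m in $members) {
    $u = Get-ADUser -Identity $m.DistinguishedName `
        -Properties Enabled, PasswordNeverExpires, LastLogonDate, MemberOf

    # Collect review flags for this account.
    $flags = @()
    if (-not $u.Enabled)         { $flags += 'disabled' }
    if ($u.PasswordNeverExpires) { $flags += 'password-never-expires' }
    if (-not $u.LastLogonDate -or $u.LastLogonDate -lt $cutoff) {
        $flags += "no-logon-in-$StaleDays-days"
    }

    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        # False means membership comes through a nested (or primary) group.
        Direct         = $u.MemberOf -contains $group.DistinguishedName
        Enabled        = $u.Enabled
        LastLogonDate  = $u.LastLogonDate
        Flags          = $flags -join ','
    }
}

$report | Sort-Object SamAccountName | Format-Table -AutoSize
```

Run it from a workstation with the RSAT Active Directory tools installed, using an account that can read the group and its members.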