Users and Identity Stores >> External Identity Stores >> Active Directory
Enter Domain Name, user Account and Password and Save Changes
Select Directory Group Tab, Select to search for group, OK
Shell Profile
Policy Elements >> Authorization and Permissions >> Device Administration >> Shell profiles >> Create
Users and Identity Stores >> External Identity Stores >> Active Directory
Enter Domain Name, user Account and Password and Save Changes
Select Directory Group Tab, Select to search for group, OK
Shell Profile
Policy Elements >> Authorization and Permissions >> Device Administration >> Shell profiles
Enter a name and a Description
Click on the Common Tasks Tab
Change Default Privilege to Static and Value to 15
Click on Submit
Access Policy >> Access Services >> Create
Enter a Name and Description
Check User Selected Service Type >> Select Device Administraton from the drop down box
Verify that Identity and Authorization are checked and click on Next
Select Appropriate protocols and select Finish
Click on Identity under the Newely cerated Access Seriice and select the Rule Based results selection
Click on OK for the message
Click on create
Enter Name
Click Select for Identity Source
Select AD1 and Click on OK
Access Policy >> Newly created Access Service >> Identity
Customize >> Add protocols >> OK
Click On Create
Enter Name
Check Protocol >> Match >> and Select Protocol. Select Tacacs +, Select OK
Click on Select for Identity Source. Select AD1 and clock on OK
Ok on the Original Page
Enable Authorization
Access Policy >> Newly created Access Service >> Authorization
Create and Enter a name
Status is Enable
Select Shell Profile created Earlier and select OK
For condition, select AD and External Groups for attributes.
Select for operators and select the group under Directory services added earlier
Under current Conditions, Select Add V and click on ok
Enableing the Service
Click on Service Selection Rule >> Create
Check Protocol and select Tacacs+
Select newely created group under service and select OK