Cisco Systems MaaS360 manual Active Directory/LDAP Integration, AD Group Memberships

Models: MaaS360


Figure 13 Cloud Extender AD Configuration

Active Directory/LDAP Integration

Integrating ISE and the MDM with a common directory is important for overall operations. One benefit is the ability to require that users periodically change their directory password. If the MDM were using a local directory, it would be nearly impossible to keep the accounts synchronized, but with a centralized directory structure, password management can be simplified. The main advantage is the ability to establish complementary network and device policy based on group membership. The CVD provides examples of how groups can be used to establish a user’s entitlement to network resources. Likewise, the same group membership can be used to differentiate access to device resources and mobile applications.

AD Group Memberships

Three possible AD groups are presented in the CVD to illustrate their usage: Domain Users, BYOD_Partial_Access, and BYOD_Full_Access. ISE establishes the device’s network access based on the associated user’s membership.

Figure 14 shows the policies presented in the CVD.

Integrating Fiberlink MaaS360 with Cisco Identity Services Engine (page 20)
