ACS 5.5 External User with Internal Attribute

Hi Guys,
i'm wondering, if i using LDAP for external authentication, can i use the internal identity attribute?
for example :
i create an user X , his password type is LDAP, but the identity group is "Group 1"
can i define rules
Idenitty Group in "Group 1" permit access ?
or i need to do group mapping first?
Thanks,
Regards,

It is possible to define an internal user whose password is taken from an external store.
In internal user definition select "Password Type" to be the LDAP database and then define the rest of the user definition, including identity groups, as desired

Similar Messages

  • Controll user access with internal attribute date

    I all.
    i've created an internal attribute called Date-of-validity  of type Date.
    the objective is to controll user access based on the date configured in this attribute and permit acces only when the date as not been reached.
    who do i control-it, putt the acs looking to the date in an autommated way.
    thanks in adv
    Antero Vasconcelos

    It is possible to define an internal user whose password is taken from an external store.
    In internal user definition select "Password Type" to be the LDAP database and then define the rest of the user definition, including identity groups, as desired

  • Conversion of External material with Internal using search help

    Hi,
    We are working on ECC 6.0 for automotive company and have following scenario.
    One OE (External/Customer) material number (MARA-BISMT) with more than one internal material number (MARA-MATNR). This has been done because same customer material is sold by delar for different brands, for exmaple BMW, Ford, Opel. Therefore we have different internal materials with respective brands with same external number in material master. 
    Business requirement is, all correspondence with customer or vendor should be done using external/customer material number.
    Whereas all internal business process should use internal SAP material number.
    For example as given below
    External No. --> Internal No.
    BMW-1 --> 1001 (Brand - BMW)
    BMW-1 --> 1002 (Brand - Ford)
    BMW-1 --> 1003 (Brand - Opel)
    Now the requirement is that user will create document, for example PO or SO, with external/customer material number. While
    doing that user should get a pop up screen after entering external material number, if external material is attached/corresponds to multilple internal material number. Then user will selects correct internal number from pop up screen and return to document screen but material field should displayed with external material number.
    For example in above case, user will enter BMW-1. Pup up screen will have three internal numbers 1001, 1002 and 1003. User selects 1003 but after material conversion material field of the document will displayed as BMW-1.
    We are using Customer enhancement - "MGA00003 Material Master (Industry and Retail): Number Display" for input/ouput conversion.
    Also we have created Elementary Search Help - SEARCH_OE_NUMBER with Hot Key "Q". This search help is included into
    collective search help "MAT1_A" so that user can able to see multiple internal material number by entring customer material number.
    We are able to convert external material number with internal material number and put the external material while creating PO. But when we add another item in PO, search help is getting called again and again for first line item even after conversion of matrial has been taken place.
    How we can avoid this multiple calling of serach help?
    Is there any better way to achieve this requirement?
    Please help us.
    Thanks,

    We have resolved this issue by redesigning material master data.

  • Can't Login to SharePoint as an invited External User / Can't Remove All Traces of External User with Microsoft Account

    Hi TechNet,
    I have an MS SharePoint Online (SharePoint Plan 2) team site, quite simple, one document library etc.
    I have successfully added all users (E3) within the organisation to groups, and permissioned correctly.
    I have added myself (separate organisation, also Office 365 E3) as an External User, and have access to the website without any problems by authenticating with my Organization account e-mail address.
    I have a single user (separate organisation, also Office 365 E3), who's setup is identical to mine (Also Office 365 E3).
    However, when this user is added as an External User, they are unable to login, and get "Sign In is not complete":
    That didn't work
    We're sorry, but [email protected] can't be found in the CLIENT1.sharepoint.com directory. Please try again later, while we try to automatically fix this for you. 
    Correlation ID: dc1f7f9c-092b-20b8-7b35-89348ba22f71
    Date and Time: 3/20/2014 7:06:55 AM
    URL: https://CLIENT1.sharepoint.com/
    User: [email protected]
    Issue Type: Partner User Invalid.    
    I then remove the user using the Site Collection, and using the PRofile Manager, and using Remove-SPOUser, and using Remove-SPOExternalUser. Which is great, he's gone. However when I go to add him back to a group, as soon as I type his e-mail address, it
    'Resolves' into his full name! If I have completely(?) removed him form the site, how is he being resolved? And therefore me trying to remove him to re-add him to try and solve the user/directory/auth issue is not working.
    Furthermore, upon clicking on said client's username inside SharePoint (after I've 'added him back' of course), his ID, in format: i:0#.f|membership|live.com#[email protected] has an entirely different e-mail address, his Microsoft Account! 
    I'm assuming he must have been already signed into his Microsoft Account when he clicked on the External User e-mail invite? If so, I clearly do not want this, how can I remove lal traces of his Microsoft Account, given that I have gone to the lengths as
    detailed above?
    I have already completed these steps: http://community.office365.com/en-us/forums/148/p/228263/709905.aspx
    Some possible further reading regarding Microsoft ID's and Organization ID's:
    http://sergeluca.wordpress.com/2013/09/23/sharepoint-online-and-external-users-this-invitation-has-already-been-accepted-with-another-account-bug-or-feature/
    Please let me know if you need any more information regarding this issue, and thanks in advance to anyone who can shed some light on this situation for me and anyone whom encounters it in the future.
    Regards,
    Evanly.

    Hi Scott,
    Thank you so much for taking the time to read and respond to my issue.
    Certainly, it makes sense that regardless of where the invitation it sent, the user would authenticate with their Microsoft ID.
    In my case, I want the user to authenticate using their Microsoft Organisation ID, that they use for their seperate Office 365 account.
    This is the way I was able to log in, and worked great. With my client, they are unable to access Sharepoint because once they sign in with their Microsoft Organisation / Office 365 ID, they are told they are not in the directory, because their Microsoft
    ID is in the directory and it doesn't match up.
    I am simultaneously trying to 1) Remove all traces of this users Microsoft ID, which so far using the above steps, has been unsuccessful; and 2) Invite the user using his Microsoft Organisation ID, and have him authenticate with that (which is proved to
    work, as my account uses this).
    Looking forward to any more suggestions. Thanks in advance!

  • Two external display with internal diplay on E531

    Hi,
    I have a ThinkPad E531 laptop, and that includes are VGA and HDMI plug. The video card is Intel HD. Can I use 2 external monitor (over VGA and HDMI) with the internal display? (So I want to use 3 displays).
    Thanks!
    Regards,
    Tamás

    Hello dljfield,
    Thanks for using Apple Support Communities.
    If you'd like to use multiple external displays with a MacBook Pro with Retina display, then please take a look at the information outlined below. A 15" MacBook Pro mid-2014 can support up to two external displays using different outputs.
    MacBook Pro (Retina, 15-inch, Mid 2014) - Technical Specifications
    OS X Yosemite: Connect multiple displays to your Mac
    Take care,
    Alex H.

  • ACS 4.1 External DB with Windows 2008 AD

    I have the following scenario:
    - ACS ver 4.1.1.23 on Windows 2003 Standard with SP2, Domain controller server
    - The main AD database is running on Windows 2008
    Does anybody knows if I still need to upgrade from 4.1.X.Y to 4.2.X.Y to be able to authenticated users against Windows 2008 AD database?
    Or I only need the 4.2 upgrade when the ACS is installed on a Windows 2008 server?
    Thanks in advanced.
    Oscar Perez

    If ACS is on member server you need to upgrade it to 4.2 patch 9 to make acs work with 2008 DC.
    2008 DC support is included from 4.2 patch 4 but I recommend to go for patch 9.
    Regards,
    ~JG
    Do rate helpful posts

  • Redirect external user (internet) & internal user (intranet)

    Hi, we are developing a public portal services in which we have two kind of user: a) public user that access through internet to the portal. b) internal user that access inside a domain to the portal.
    We want to know How we can know which is the external and which is the internal in order to assign a portal desktop.
    I have seen in the forms the following options:
    1.-> IISPROXY
    2.-> SPNEGO
    3.-> APACHE & SAPDISPATCHER
    1.-> It seems that we the last release of the portal is obsolete
    2.-> It seems that SPNEGO is for internal use only (intranet).
    3.-> I have not documentation about.
    I would be very grateful if someone give a solution and documentation or links about it.
    Thanks in advanced.
    Regards.

    Hi Optima,
      You can use a appIntegrator to distinguish intranet/ extranet users..
      Have a look at "HowToUseAppIntegrator_en.pdf" from service market place.
    This weblog should give you some idea about appintegrator: Step-By-Step Guide to implement Application Integrator
    Regards,
    SK.

  • Use of external keypad with internal keyboard

    Hi folks,
    I've just got my new Tecra S4-122, of course without an integrated numeric keypad, so I've such a thing too. The problem is now that I'm not able to use the numbers on the keypad without activating the internal "keypad" (Use of normal letters as numbers), so it's not really helpful, because I can't use it during typing. Is there any solution to activate ONLY the external keypad (Labtec thing on USB)?
    Thanks in advance!
    Best regards,
    Phip

    Hi
    Unfortunately, its seems there is not other way as to enable the keypad with FN+F11.
    best regards
    Jimi

  • CiscoSecure ACS v4.2 - block users with number of unsuccessful auth retries

    Hi experts,
    I recently took over support of our old Cisco ACS 4.2. I don't really know too much about it. What I know is that the ACS is used as a Radius server doing wireless 802.1x authentication. It is using Windows AD as the backend user database. Now there is situation that AD bans user account because of incorrect password. It could be because that user's AD password changed but the old password is cached on their iphone which triggered the lock of their accounts. Now they ask me if I can lock it on Radius/ACS instead of on AD. That way their account will still function on the wired PCs.
    I can't seem to find the setting. Is it possible?
    Thank you!

    I am still looking for an answer... Is it possible? I am ok if it is not but I need confirmation.
    Thanks!

  • ACS appliance 3.3 - user with mulptile static IPs

    Hi,
    currently we are using ACS Unix. There it os possible to assign static IPs to a user based on the radius dictonary.
    e.g.
    NAS1- Ascent Max uses dictionary Ascend gets 10.1.1.1
    NAS2- VPN 3000 uses IETF gets 10.1.2.1
    Any ideas how this could be resolved on an ACS appliance?
    Regards, Celio

    Following installation and initial configuration, see the User Guide for Cisco Secure ACS Solution Engine Version 3.3 for information on how to use a browser and the HTML interface to fully configure your Cisco Secure ACS Solution Engine to provide the AAA services you want from this installation.
    http://www.cisco.com/en/US/products/sw/secursw/ps5338/products_installation_guide_chapter09186a0080235f77.html

  • Another user with Internal error 10014, 7686536,7686826, 10069773?

    Help...The get this error message (Internal error 10014, 7686536,7686826, 10069773) whether I use the Print | Acrobat PDF or the Print Save as PDF. I am using the latest FM10 update (10.0.1.402) and Acrobat X Pro (10.1.0). Book was new and created entirely in FM10. I was having this error when I first used FM10 but the Acrobat update appeared to fix the problem. A week later, I am unable to print the book after making changes. I also am unable to print to PDF with books created in 9 and converted.
    My work environment is XP SP3 but I am also encountering the same problems on my box at home with Win7 SP1. I have tried all the setting suggested in the thread but still no-go. I exported the doc back to Word as RTF, stripped all the formating, and reimported back I have tried saving as a MIF and resaving as a new FM file.
    Don't know what else to try.
    Artwitch

    Yes, the Adobe PDF printer is set as default and I have High Quality Print selected. Yes, I can created PDFs out of Work but realize that a different driver is involved. I was able at one point to bring up files in FM9 and print but now that is hosed. I remember a similar problem back in the FM7 days but then I could do the MIF trick and get FM to settle down and work.
    Flailing in the dark and Adobe isn't fessing up. Linda H (aka Artwitch)

  • Any limitation on number of fill and print forms I can post on my website and have external users with Reader fill in, print and mail to me? (I don't need/want them to be able to fill and save data.)

    I would like to post fillable only forms to the public but not give them the option to save or email the filled in form. If they want a copy of what they've filled in, they must print it.
    I believe I can do this by just creating a fillable PDF and posting it without adding any reader extension capabilities. I also believe there is no limitation, as there is for fill and save forms as per this other post I read: Adobe Acrobat X Pro * Enable Reader users to save form data.
    My IT department is telling me they will not allow me to post fillable PDFs online due to a "license limitation" so I started researching this myself, and the above link is the only thing I've found. While that post specifically outlines the limitations on saving filled in forms, I'm really looking for something that specifically tells me that there is no limitation on fillable, non-saveable (yes, I know that's not a word...) forms.
    If anyone can provide additional information for me, I'd appreciate it. Or, if I'm completely wrong in my belief and there's a limitation either way, feel free to set me straight. I'd rather know the correct answer than be right!
    Thanks!!

    If you don't Reader-enable a document, then there are no licensing restrictions involved. Note that Reader 11 and all versions of Acrobat are able to save non-enabled forms, unlike previous versions.
    The question should not be whether a form is savable, but rather whether you used Acrobat to add usage rights to the form AND you (the licensee) plan on receiving filled-in instances (including hardcopies) of it. The simplest way is to not Reader-enable the form and convince your users to use Reader 11 (or Acrobat) if they want to save.

  • Creating User with identical attributes

    How do I create a New User who has the same Preferences and Permissions as an already existing user?
    iMac Intel   Mac OS X (10.4.9)  

    Read this:
    http://Gnarlodious.com/Computer/MacOsx/CloneUser

  • Retrieve all users with attributes from AD

    hi,
    i'd like to retrieve all users with their attributes from AD. I can connect to AD and i 'm able to retrieve entries from a group with the member class given in this forum.
    But my problem is i would like to retrieve users directly from the Users container
    thanx for help

    i solved one part of my problem.
    But, now i have to get all attributes for each users and i couldn't find them. The getattributes method doesn't return anything (i 'd like to retrieve the first name, last name, adress ...)
    thanx for help

  • Hiding costing related information to external users

    Hi
    We have several transcations where we have internal and external users using the transcation where we have financial information and would not like to make it visible to external users.
    Can you please let me know the various options available to avoid external users with the financial data.
    Few of the transcations are MIGO,CORT,CORS.MI03
    Thanks in advance.
    Regards
    Praveen

    Hi Praveen,
    The best answer to this would be to restrict this at the transaction level itself. The business should decide not give access to any of the tcodes to the users which can expose data related to costing etc.
    But, then if the tcode needs to be given but restricted then you may have to use your security expertise to find out which are the objects that could be restricted in the user's role. for eg in MIGO it would be :
    F_BKPF_BUK Accounting Document: Authorization for Company Codes
    Regards,
    Subbu

Maybe you are looking for