AD group membership determine single factor vs dual factor Auth

sstengersstenger Member
I have a site where Active Directory group membership should determine whether users are prompted for single-factor or two-factor authentication.

GroupA (single factor) - Windows server group NTML
GroupB (two-factor) - RADIUS: duo

I imagine there is away with an aFlex script after primary authentication to query group membership, and if the user is a member of groupB use the radius server for authorization.

AAM:attribute_collection? Does anyone have an example?

* I'm unable to use AAA URI match rules :(
Sign In or Register to comment.