Forum Discussion
Jugoslav_106711
Nimbostratus
NimbostratusAPM querying NPS (Radius) for User Group
Hi folks,
we have following scenario, APM is using Radius for authentication and we need to take group membership from AD. As NPS does not indicate the user AD group membership, we need to customize NPS to take it from AD. Goal is to read user group from AD through NPS (Radius), APM reads it with Variable Assign and provide them proper webtop (admin - Full Network Access, Users - only links).
NPS is used for integration with 2 factor authentication solution, we would use AD Query otherwise. Also, feel free to propose any solution.
Find VPE attached, thank you in advance!
3 Replies
- Kevin_Stewart
Employee
Not sure what your question is. Are you reconfiguring NPS (Radius) to return AD group information, in which case APM can consume this, or performing a separate AD query in APM based on returned Radius data? 
Jugoslav_106711Thanks Kevin for prompted response,
I need to reconfigure NPS to return AD group information and how APM can query this info?- Kevin_StewartAPM isn't going to query for additional values in a Radius authentication. As part of the auth process, the Radius server will pass attributes back to APM. Those values will then populate a series of session.radius.last.attr.* session variables. So it really depends more on how you configure your Radius environment and what values you pass back. If that still doesn't meet your requirements, you can still do an AD or LDAP query to get what you need.
