Configure AAA Criteria Settings for DAP

DAP complements AAA services by providing a limited set of authorization attributes that can override the attributes that AAA provides. The threat defense selects DAP records based on the AAA authorization information for the user and the posture assessment information for the session. Depending on this information, the threat defense can choose multiple DAP records, which it then aggregates to create the DAP authorization attributes.

Procedure


Step 1

Choose Devices > Dynamic Access Policy.

Step 2

Edit an existing DAP policy or create a new one and then edit the policy.

Step 3

Select a DAP record or create a new one, and edit the DAP record.

Step 4

Click AAA Criteria.

Step 5

Select one of the Match criteria between sections options:

  • Any—Matches any of the criteria.

  • All—Matches all the criteria.

  • None—Matches none of the set criteria.

Step 6

Click Add to add the required Cisco VPN Criteria.

Cisco VPN criteria include attributes for group policy, assigned IPv4 address, assigned IPv6 address, connection profile, username, username 2, and SCEP required.

  1. Select an attribute and specify the Value.

  2. Click Add another criteria to add more criteria.

  3. Click Save.

SCEP Required

Step 7

Select LDAP Criteria, RADIUS Criteria, or SAML Criteria and specify the Attribute ID and Value.

Step 8

Click Save.