Kim Keith Posted March 25, 2022 Share Posted March 25, 2022 Hi All I have setup OTP on Netscaler and it works fine - now i need it that users who are member of a AD group don't need to login with OTP (Leave the 3 bar blank on the gateway login page) In Policy Label i have a prority 100 = HTTP.REQ.COOKIE.VALUE("NSC_TASS").EQ("manageotp") Policy and in position 120 the Verify OTP policy label and LDAP authentication with OTP secrete and no Authentication.. Now i put in a 110 priority with a LDAP Authentication policy and the expression AAA.USER.IS_MEMBER_OF("adgroup") that should trigger it or it moves on to Verify OTP policy Label. But it is not working ? any idea on how to set it up, so users who are members in a AD will not have to input OTP. im thinking it has to be in the Policy Label part. Link to comment Share on other sites More sharing options...
CarlStalhood Posted March 25, 2022 Share Posted March 25, 2022 Try adding a PolicyLabel that checks for group membership. If not in group, then go to next factor that does OTP. Otherwise, the next policy in the PolicyLabel is a NoAuth policy. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now