Guest

Preview Tool

Cisco Bug: CSCvu84307 - Enhancement Request - Ability to disable "Basic" usergroup in vManage for SSO puposes

Last Modified

Aug 31, 2020

Products (1)

  • Cisco SD-WAN

Known Affected Releases

19.2.2

Description (partial)

Symptom:
If you are using SSO for the vManage, there is no way to disable the "Basic" usergroup allowing users to login to vManage using local credentials and access the dashboard.  Permissions can be removed so the user cannot navigate anywhere or perform any actions, but they can still view the main dashboard.  The user is granted Basic group privileges by vManage even if it doesn’t belong to any of the groups configured on vManage.  When the user is being authenticated with the use of SAML in the scenario where none of the groups configured on vManage is sent within the SAML negotiation process the user is granted Basic group privileges by vManage.   If there is no valid information in Groups field within SAML negotiation User should not be allowed to login to the vManage.

Conditions:
Have SSO configured and in use, but not have a mapped "Basic" usergroup to the SSO
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.