Home > Cisco > Control System > Cisco Acs 57 User Guide

Cisco Acs 57 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Acs 57 User Guide. The Cisco manuals for Control System are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 221

    Page 221 9 Managing Users and Identity Stores Configuring Identity Store Sequences Authentication Sequence An identity store sequence can contain a definition for certificate-based authentication or password-based authentication or both. If you select to perform authentication based on a certificate, you specify a single Certificate Authentication Profile, which you have already defined in ACS. If you select to perform authentication based on a password, you can define a list of databases to be accessed... 
    9   
Managing Users and Identity Stores
Configuring Identity Store Sequences
Authentication Sequence
An identity store sequence can contain a definition for certificate-based authentication or password-based authentication or 
both. 
If you select to perform authentication based on a certificate, you specify a single Certificate Authentication Profile, which 
you have already defined in ACS.
If you select to perform authentication based on a password, you can define a list of databases to be accessed...

    Page 222

    Page 222 9 Managing Users and Identity Stores Configuring Identity Store Sequences 3.Click Submit. Table 65 Identity Store Sequence Properties Page Option Description General Name Enter the name of the identity store sequence. Description Enter a description of the identity store sequence. Authentication Method List Certificate Based Check this check box to use the certificate-based authentication method. If you choose this option, you must enter the certificate authentication profile. Click Select to choose... 
    9
Managing Users and Identity Stores
 
Configuring Identity Store Sequences
3.Click Submit.
Table 65 Identity Store Sequence Properties Page
Option Description
General
Name Enter the name of the identity store sequence.
Description Enter a description of the identity store sequence.
Authentication Method List
Certificate Based Check this check box to use the certificate-based authentication method. If you choose this 
option, you must enter the certificate authentication profile. Click Select to choose...

    Page 223

    Page 223 9 Managing Users and Identity Stores Configuring Identity Store Sequences The Identity Store Sequences page reappears. Related Topics Performing Bulk Operations for Network Resources and Users, page 7 Viewing Identity Policies, page 23 Managing Internal Identity Stores, page 4 Managing External Identity Stores, page 29 Configuring Certificate Authentication Profiles, page 89 Deleting Identity Store Sequences, page 93 Deleting Identity Store Sequences To delete an identity store sequence:... 
    9   
Managing Users and Identity Stores
Configuring Identity Store Sequences
The Identity Store Sequences page reappears. 
Related Topics
Performing Bulk Operations for Network Resources and Users, page 7
Viewing Identity Policies, page 23
Managing Internal Identity Stores, page 4
Managing External Identity Stores, page 29
Configuring Certificate Authentication Profiles, page 89
Deleting Identity Store Sequences, page 93
Deleting Identity Store Sequences
To delete an identity store sequence:...

    Page 224

    Page 224 9 Managing Users and Identity Stores Configuring Identity Store Sequences 
    9
Managing Users and Identity Stores
 
Configuring Identity Store Sequences

    Page 225

    Page 225 1 Cisco Systems, Inc.www.cisco.com Managing Policy Elements A policy defines the authentication and authorization processing of clients that attempt to access the ACS network. A client can be a user, a network device, or a user associated with a network device. Policies are sets of rules. Rules contain policy elements, which are sets of conditions and results that are organized in rule tables. See ACS 5.x Policy Model, page 1 for more information on policy design and how it is implemented in ACS.... 
    1
Cisco Systems, Inc.www.cisco.com
 
Managing Policy Elements
A policy defines the authentication and authorization processing of clients that attempt to access the ACS network. A 
client can be a user, a network device, or a user associated with a network device.
Policies are sets of rules. Rules contain policy elements, which are sets of conditions and results that are organized in 
rule tables. See ACS 5.x Policy Model, page 1 for more information on policy design and how it is implemented in ACS....

    Page 226

    Page 226 2 Managing Policy Elements Managing Policy Conditions —Enable Duration—You have the option to limit the duration during which the condition is enabled by specifying an optional start time, end time, or both. This component allows you to create rules with limited time durations that effectively expire. If the condition is not enabled, then this component of the date and time condition returns false. —Time Intervals—On the ACS web interface, you see a grid of time that shows the days of the week and... 
    2
Managing Policy Elements
 
Managing Policy Conditions
—Enable Duration—You have the option to limit the duration during which the condition is enabled by specifying an 
optional start time, end time, or both. This component allows you to create rules with limited time durations that 
effectively expire.
If the condition is not enabled, then this component of the date and time condition returns false.
—Time Intervals—On the ACS web interface, you see a grid of time that shows the days of the week and...

    Page 227

    Page 227 3 Managing Policy Elements Managing Policy Conditions Creating, Duplicating, and Editing a Date and Time Condition Create date and time conditions to specify time intervals and durations. For example, you can define shifts over a specific holiday period. When ACS processes a rule with a date and time condition, the condition is compared to the date and time information of the ACS instance that is processing the request. Clients that are associated with this condition are subject to it for the... 
    3   
Managing Policy Elements
Managing Policy Conditions
Creating, Duplicating, and Editing a Date and Time Condition
Create date and time conditions to specify time intervals and durations. For example, you can define shifts over a specific 
holiday period. When ACS processes a rule with a date and time condition, the condition is compared to the date and 
time information of the ACS instance that is processing the request. Clients that are associated with this condition are 
subject to it for the...

    Page 228

    Page 228 4 Managing Policy Elements Managing Policy Conditions To add date and time conditions to a policy, you must first customize the rule table. See Customizing a Policy, page 4. 4.Click Submit. The date and time condition is saved. The Date and Time Conditions page appears with the new date and time condition that you created or duplicated. Note: ACS has services and resources that are time sensitive. So, it is advised to restart all services after performing operations such as changing the clock, time... 
    4
Managing Policy Elements
 
Managing Policy Conditions
To add date and time conditions to a policy, you must first customize the rule table. See Customizing a Policy, page 4.
4.Click Submit.
The date and time condition is saved. The Date and Time Conditions page appears with the new date and time 
condition that you created or duplicated. 
Note: ACS has services and resources that are time sensitive. So, it is advised to restart all services after performing 
operations such as changing the clock, time...

    Page 229

    Page 229 5 Managing Policy Elements Managing Policy Conditions Configuring Access Service Policies, page 22 Creating, Duplicating, and Editing a Custom Session Condition The protocol and identity dictionaries contain a large number of attributes. To use any of these attributes as a condition in a policy rule, you must first create a custom condition for the attribute. In this way, you define a smaller subset of attributes to use in policy conditions, and present a smaller focused list from which to choose... 
    5   
Managing Policy Elements
Managing Policy Conditions
Configuring Access Service Policies, page 22
Creating, Duplicating, and Editing a Custom Session Condition
The protocol and identity dictionaries contain a large number of attributes. To use any of these attributes as a condition 
in a policy rule, you must first create a custom condition for the attribute. In this way, you define a smaller subset of 
attributes to use in policy conditions, and present a smaller focused list from which to choose...

    Page 230

    Page 230 6 Managing Policy Elements Managing Policy Conditions The new custom session condition is saved. The Custom Condition page appears with the new custom session condition. Clients that are associated with this condition are subject to it for the duration of their session. Related Topics Creating, Duplicating, and Editing a Date and Time Condition, page 3 Deleting a Session Condition, page 6 Configuring Access Service Policies, page 22 Deleting a Session Condition To delete a session condition:... 
    6
Managing Policy Elements
 
Managing Policy Conditions
The new custom session condition is saved. The Custom Condition page appears with the new custom session 
condition. Clients that are associated with this condition are subject to it for the duration of their session.
Related Topics
Creating, Duplicating, and Editing a Date and Time Condition, page 3
Deleting a Session Condition, page 6
Configuring Access Service Policies, page 22
Deleting a Session Condition
To delete a session condition:...
    Start reading Cisco Acs 57 User Guide

    Related Manuals for Cisco Acs 57 User Guide

    All Cisco manuals