Home > Cisco > Control System > Cisco Acs 57 User Guide

Cisco Acs 57 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Acs 57 User Guide. The Cisco manuals for Control System are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 431

    Page 431 7 Managing System Administrators Creating, Duplicating, Editing, and Deleting Administrator Accounts Administrator Accounts and Role Association Administrator account definitions consist of a name, status, description, e-mail address, password, and role assignment. Note: It is recommended that you create a unique administrator for each person. In this way, operations are clearly recorded in the audit log. Administrators are authenticated against the internal and external databases. You can edit and... 
    7   
Managing System Administrators
Creating, Duplicating, Editing, and Deleting Administrator Accounts
Administrator Accounts and Role Association
Administrator account definitions consist of a name, status, description, e-mail address, password, and role assignment.
Note: It is recommended that you create a unique administrator for each person. In this way, operations are clearly 
recorded in the audit log.
Administrators are authenticated against the internal and external databases.
You can edit and...

    Page 432

    Page 432 8 Managing System Administrators Creating, Duplicating, Editing, and Deleting Administrator Accounts 2.Do any of the following: Click Create. Check the check box the account that you want to duplicate and click Duplicate. Click the account that you want to modify; or, check the check box for the Name and click Edit. Check the check box the account for which you want to change the password and click Change Password. See Resetting Another Administrator’s Password, page 25 for more information. Note:... 
    8
Managing System Administrators
 
Creating, Duplicating, Editing, and Deleting Administrator Accounts
2.Do any of the following:
Click Create.
Check the check box the account that you want to duplicate and click Duplicate.
Click the account that you want to modify; or, check the check box for the Name and click Edit.
Check the check box the account for which you want to change the password and click Change Password. See 
Resetting Another Administrator’s Password, page 25 for more information.
Note:...

    Page 433

    Page 433 9 Managing System Administrators Creating, Duplicating, Editing, and Deleting Administrator Accounts 4.Click Submit. The new account is saved. The Administrators page appears, with the new account that you created or duplicated. Note: A SuperAdmin with static role assignment can create, assign, or remove SuperAdmin roles for other administrators whereas a SuperAdmin with dynamic role assignment cannot create, assign, or remove SuperAdmin roles for other administrators. Related Topics Understanding... 
    9   
Managing System Administrators
Creating, Duplicating, Editing, and Deleting Administrator Accounts
4.Click Submit. 
The new account is saved. The Administrators page appears, with the new account that you created or duplicated.
Note: A SuperAdmin with static role assignment can create, assign, or remove SuperAdmin roles for other administrators 
whereas a SuperAdmin with dynamic role assignment cannot create, assign, or remove SuperAdmin roles for other 
administrators.
Related Topics
Understanding...

    Page 434

    Page 434 10 Managing System Administrators Viewing Predefined Roles Exporting Administrator Accounts ACS 5.7 allows you to export the administrator accounts to a .csv file using the export option available on the Administrator Accounts page. This option exports all administrator accounts that are created and listed in the administrator accounts page to a .csv file. You can save this file to a local drive for audit purposes. You can also encrypt the exported file using an encryption password option. You need... 
    10
Managing System Administrators
 
Viewing Predefined Roles
Exporting Administrator Accounts
ACS 5.7 allows you to export the administrator accounts to a .csv file using the export option available on the 
Administrator Accounts page. This option exports all administrator accounts that are created and listed in the 
administrator accounts page to a .csv file. You can save this file to a local drive for audit purposes. You can also encrypt 
the exported file using an encryption password option. You need...

    Page 435

    Page 435 11 Managing System Administrators Configuring Authentication Settings for Administrators Viewing Role Properties Use this page to view the properties of each role. Choose System Administration > Administrators > Roles, and click a role or choose the role’s radio button and click View. The Roles Properties page appears as described in Table 17 on page 11: Related Topics Understanding Roles, page 3 Administrator Accounts and Role Association, page 7 Configuring Authentication Settings for... 
    11   
Managing System Administrators
Configuring Authentication Settings for Administrators
Viewing Role Properties
Use this page to view the properties of each role.
Choose System Administration > Administrators > Roles, and click a role or choose the role’s radio button and click 
View.
The Roles Properties page appears as described in Table 17 on page 11:
Related Topics
Understanding Roles, page 3
Administrator Accounts and Role Association, page 7
Configuring Authentication Settings for...

    Page 436

    Page 436 12 Managing System Administrators Configuring Authentication Settings for Administrators 3.In the Advanced tab, enter the values for the criteria that you want to configure for your administrator authentication process. Table 19 on page 12 describes the fields in the Advanced tab. Ta b l e 1 8 P a s s w o r d C o m p l e x i t y Ta b Option Description Applies to all ACS system administrator accounts Minimum length Required minimum length; the valid options are 4 to 127. Password may not contain... 
    12
Managing System Administrators
 
Configuring Authentication Settings for Administrators
3.In the Advanced tab, enter the values for the criteria that you want to configure for your administrator authentication 
process. 
Table 19 on page 12 describes the fields in the Advanced tab.
Ta b l e 1 8 P a s s w o r d  C o m p l e x i t y  Ta b
Option Description
Applies to all ACS system administrator accounts
Minimum length Required minimum length; the valid options are 4 to 127.
Password may not contain...

    Page 437

    Page 437 13 Managing System Administrators Configuring Session Idle Timeout Note: ACS automatically deactivates or disables your account based on your last login, last password change, or number of login retries. The CLI and PI user accounts are blocked and they receive a notification that they can change the password through ACS web interface. If your account is disabled, contact another administrator to enable your account. 4.Click Submit. The administrator password is configured with the defined... 
    13   
Managing System Administrators
Configuring Session Idle Timeout
Note: ACS automatically deactivates or disables your account based on your last login, last password change, or 
number of login retries. The CLI and PI user accounts are blocked and they receive a notification that they can change 
the password through ACS web interface. If your account is disabled, contact another administrator to enable your 
account.
4.Click Submit.
The administrator password is configured with the defined...

    Page 438

    Page 438 14 Managing System Administrators Configuring Administrator Access Settings interval that is defined in the application. The Distributed System Management page is automatically refreshed for the configured interval of time. You can configure the refresh interval from the Distributed System Management page of ACS web interface. To configure the timeout period: 1.Choose System Administration > Administrators > Settings > Session. The GUI Session page appears. 2.Enter the Session Idle Timeout value in... 
    14
Managing System Administrators
 
Configuring Administrator Access Settings
interval that is defined in the application. The Distributed System Management page is automatically refreshed for the 
configured interval of time. You can configure the refresh interval from the Distributed System Management page of ACS 
web interface.
To configure the timeout period:
1.Choose System Administration > Administrators > Settings > Session.
The GUI Session page appears.
2.Enter the Session Idle Timeout value in...

    Page 439

    Page 439 15 Managing System Administrators Working with Administrative Access Control Reject Remote Administration from a Select List of IP Addresses To reject administrators from accessing ACS remotely: 1.Choose System Administration > Administrators > Settings > Access. The IP Addresses Filtering page appears. 2.Click Reject connections from listed IP addresses radio button. The IP Range(s) area appears. 3.Click Create in the IP Range(s) area. A new window appears. 4.Enter the IP address of the machine that... 
    15   
Managing System Administrators
Working with Administrative Access Control
Reject Remote Administration from a Select List of IP Addresses
To reject administrators from accessing ACS remotely:
1.Choose System Administration > Administrators > Settings > Access.
The IP Addresses Filtering page appears.
2.Click Reject connections from listed IP addresses radio button.
The IP Range(s) area appears.
3.Click Create in the IP Range(s) area.
A new window appears.
4.Enter the IP address of the machine that...

    Page 440

    Page 440 16 Managing System Administrators Working with Administrative Access Control The Administrator authorization policy determines the role of the administrator for the session in ACS. The assigned role determines the permission of the administrator. Each role has a predefined list of permissions, and it can be viewed in the roles page. The AAC service processes these two policies in a sequence. You need to configure both the Administrator identity policy and the Administrator authorization policy.... 
    16
Managing System Administrators
 
Working with Administrative Access Control
The Administrator authorization policy determines the role of the administrator for the session in ACS. The assigned 
role determines the permission of the administrator. Each role has a predefined list of permissions, and it can be 
viewed in the roles page. 
The AAC service processes these two policies in a sequence. You need to configure both the Administrator identity policy 
and the Administrator authorization policy....
    Start reading Cisco Acs 57 User Guide

    Related Manuals for Cisco Acs 57 User Guide

    All Cisco manuals