Cisco Acs 5x User Guide
Page 151
7-21 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 7 Managing Network Resources Working with External Proxy Servers
Note: If you want ACS to forward unknown RADIUS attributes, you have to define VSAs for proxy.
Related Topics: RADIUS and TACACS+ Proxy Services, page 3-7; RADIUS and TACACS+ Proxy Requests, page 4-29; Configuring General Access Service Properties, page 10-13; Deleting External Proxy Servers, page 7-21
Deleting External Proxy Servers
To delete an external proxy...
Page 153
Chapter 8: Managing Users and Identity Stores
Overview
ACS manages your network devices and other ACS clients by using the ACS network resource repositories and identity stores. When a host connects to the network through ACS requesting access to a particular network resource, ACS authenticates the host and decides whether the host can communicate with the network resource. To authenticate and authorize a user or host, ACS uses...
Page 154
Fixed components are: Name; Description; Password; Enabled or disabled status; Identity group to which users belong.
Configurable components are: Enable password for TACACS+ authentication; Sets of identity attributes that determine how the user definition is displayed and entered.
Cisco recommends that you configure identity attributes before you create users. When identity...
Page 155
Identity Stores with Two-Factor Authentication
You can use the RSA SecurID Token Server and RADIUS Identity Server to provide two-factor authentication. These external identity stores use an OTP that provides greater security. The following additional configuration options are available for these external identity stores:
Identity caching—You can enable identity caching for...
Page 156
Identity Sequences
You can configure a complex condition where multiple identity stores and profiles are used to process a request. You can define these identity methods in an Identity Sequence object. The identity methods within a sequence can be of any type. The identity sequence is made up of two components, one for authentication and the other...
Page 157
Authentication information
Note: ACS 5.3 supports authentication for internal users against the internal identity store only.
This section contains the following topics: Authentication Information, page 8-5; Identity Groups, page 8-6; Managing Identity Attributes, page 8-7; Configuring Authentication Settings for Users, page 8-9; Creating Internal Users,...
Page 158
Identity Groups
You can assign each internal user to one identity group. Identity groups are defined within a hierarchical structure. They are logical entities that are associated with users, but do not contain data or attributes other than the name you give to them. You use identity groups within policy conditions to create logical groups of users...
Page 159
Related Topics: Managing Users and Identity Stores, page 8-1; Managing Internal Identity Stores, page 8-4; Performing Bulk Operations for Network Resources and Users, page 7-8; Identity Groups, page 8-3; Creating Identity Groups, page 8-6; Deleting an Identity Group, page 8-7
Deleting an Identity Group
To delete an identity group:
Step 1: Select Users and...
Page 160
Standard Attributes
Table 8-1 describes the standard attributes in the internal user record.
User Attributes
Administrators can create and add user-defined attributes from the set of identity attributes. You can then assign default values for these attributes for each user in the internal identity store and define whether the default values are...