
Cisco Acs 5x User Guide

Here you can view all the pages of the manual Cisco Acs 5x User Guide. The Cisco manuals for Control System are available online for free. You can easily download all the documents as PDF.

Page 201

8-49
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 8      Managing Users and Identity Stores
  Managing External Identity Stores
Step 3 Click: Username Predefined user in AD. AD account required for domain access in ACS should have either of 
the following:
– Add workstations to domain user right in corresponding domain.
– Create Computer Objects or Delete Computer Objects permission on corresponding 
computers container where ACS machine's account is precreated (created before...

Page 202

8-50
Save Changes to save the configuration, join the ACS to the specified AD domain with the 
configured credentials, and start the AD agent.
Discard Changes to discard all changes.
If AD is already configured and you want to delete it, click Clear Configuration after you verify 
that:
– There are no policy rules that use custom conditions based on the AD...

Page 203

8-51
The External User Groups dialog box appears displaying a list of AD groups in the domain, as well as 
other trusted domains in the same forest.
If you have more groups that are not displayed, use the search filter to refine your search and click Go.
Step 3 Enter the AD groups or select them from the list, then click OK.
To remove an AD group from the...

Page 204

8-52
Step 3 Click:
Save Changes to save the configuration.
Discard Changes to discard all changes.
Table 8-11 Active Directory: Attributes Page
Option: Name of example Subject to Select Attributes
Description: Enter the name of a user or computer found on the joined domain. You can enter the user’s or 
the computer’s CN or distinguished name.
The set of...

Page 205

8-53
If AD is already configured and you want to delete it, click Clear Configuration after you verify 
that there are no policy rules that use custom conditions based on the AD dictionary. 
AD Deployments with Users Belonging to Large Number of Groups
In ACS 5.3, when you move between AD domains, the user authentications show a timeout error if the 
user...

Page 206

8-54
RSA SecurID Server
ACS supports the RSA SecurID server as an external database. RSA SecurID two-factor authentication 
consists of the user’s personal identification number (PIN) and an individually registered RSA SecurID 
token that generates single-use token codes based on a time code algorithm. 
A different token code is generated at fixed...

Page 207

8-55
The RSA SecurID server administrator must uncheck the Node Secret Created check box on the 
Agent Host record in the RSA SecurID server.
The ACS administrator must remove the securid file from ACS.
Override Automatic Load Balancing
RSA SecurID Agent automatically balances the requested loads on the RSA SecurID servers in the 
realm. However, you do...

Page 208

8-56
Step 4 Click the ACS Instance Settings tab. See Configuring ACS Instance Settings, page 8-57 for more 
information.
Step 5 Click the Advanced tab. See Configuring Advanced Options, page 8-59 for more information.
Step 6 Click Submit to create an RSA SecurID store.
The RSA SecurID Token Server page appears with the configured servers.
Server Timeout n...

Page 209

8-57
Related Topics:
RSA SecurID Server, page 8-54
Configuring ACS Instance Settings, page 8-57
Configuring Advanced Options, page 8-59
Configuring ACS Instance Settings
The ACS Instance Settings tab appears with the current list of ACS instances that are active in the 
system. You cannot add or delete these entries. However, you can edit the available...

Page 210

8-58
Enable the RSA options file
You can enable the RSA options file (sdopts.rec) on each ACS instance to control routing priorities for 
connections between the RSA agent and the RSA servers in the realm.
Table 8-14 describes the fields in the RSA Options File tab.
Do one of the following:
Click OK to save the configuration.
Click the Reset Agent...