Cisco Acs 5x User Guide

16-5
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 16      Managing System Administrators
  Understanding Roles
NoteAt first login, only the Super Admin is assigned to a specific administrator.
Related Topics
Administrator Accounts and Role Association
Creating, Duplicating, Editing, and Deleting Administrator Accounts
Changing Role Associations
By design, all roles in ACS are predefined and cannot be changed. ACS allows you to only change role 
associations. Owing to the...

16-6
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 16      Managing System Administrators
  Creating, Duplicating, Editing, and Deleting Administrator Accounts
Administrator Accounts and Role Association
Administrator account definitions consist of a name, status, description, e-mail address, password, and 
role assignment.
NoteIt is recommended that you create a unique administrator for each person. In this way, operations are 
clearly recorded in the audit log....

16-7
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 16      Managing System Administrators
  Creating, Duplicating, Editing, and Deleting Administrator Accounts
Step 2Do any of the following:
Click Create.
Check the check box next to the account that you want to duplicate and click Duplicate.
Click the account that you want to modify; or, check the check box for the Name and click Edit.
Check the check box next to the account for which you want to change the password and click...

16-8
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 16      Managing System Administrators
  Viewing Predefined Roles
The new account is saved. The Administrators page appears, with the new account that you created or 
duplicated.
Related Topics
Understanding Roles, page 16-3
Administrator Accounts and Role Association, page 16-6
Viewing Predefined Roles, page 16-8
Configuring Authentication Settings for Administrators, page 16-9
Viewing Predefined Roles
See Ta b l e 1 6 - 1...

16-9
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 16      Managing System Administrators
  Configuring Authentication Settings for Administrators
Related Topics
Understanding Roles, page 16-3
Administrator Accounts and Role Association, page 16-6
Configuring Authentication Settings for Administrators, page 16-9
Configuring Authentication Settings for Administrators
Authentication settings are a set of rules that enhance security by forcing administrators to use strong...

16-10
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 16      Managing System Administrators
  Configuring Authentication Settings for Administrators
NoteACS automatically deactivates or disables your account based on your last login, last password 
change, or number of login retries. The CLI and PI user accounts are blocked and they receive 
a notification that they can change the password through the web interface. If your account is 
disabled, contact another administrator to...

16-11
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 16      Managing System Administrators
  Configuring Session Idle Timeout
Related Topics
Understanding Roles, page 16-3
Administrator Accounts and Role Association, page 16-6
Viewing Predefined Roles, page 16-8
Configuring Session Idle Timeout
A GUI session, by default, is assigned a timeout period of 30 minutes. You can configure a timeout 
period for anywhere from 5 to 90 minutes.
To configure the timeout period:
Step...

16-12
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 16      Managing System Administrators
  Resetting the Administrator Password
Step 3Click Create in the IP Range(s) area.
A new window appears. Enter the IP address of the machine from which you want to allow remote access 
to ACS. Enter a subnet mask for an entire IP address range.
Step 4Click OK.
The IP Range(s) area is populated with the IP addresses. Repeat Step 3 to add other IP addresses or 
ranges for which you want to...

16-13
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 16      Managing System Administrators
  Changing the Administrator Password
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/command/
reference/cli_app_a.html#wp1893005.
NoteYou cannot reset the administrator password through the ACS web interface.
Changing the Administrator Password
ACS 5.3 introduces a new role Change Admin Password that entitles an administrator to change another...

16-14
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 16      Managing System Administrators
  Changing the Administrator Password
Resetting Another Administrator’s Password
To reset another administrator’s password:
Step 1Choose System Administration > Administrators > Accounts.
The Accounts page appears with a list of administrator accounts.
Step 2Check the check box next to the administrator account for which you want to change the password and 
click Change Password.
The...