Cisco Systems CSACS3415K9 Benutzerhandbuch
8-8
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 8 Managing Users and Identity Stores
Managing Internal Identity Stores
Standard Attributes
describes the standard attributes in the internal user record.
User Attributes
Administrators can create and add user-defined attributes from the set of identity attributes. You can then
assign default values for these attributes for each user in the internal identity store and define whether
the default values are required or optional.
assign default values for these attributes for each user in the internal identity store and define whether
the default values are required or optional.
You need to define users in ACS, which includes associating each internal user with an identity group,
a description (optional), a password, an enable password (optional), and internal and external user
attributes.
a description (optional), a password, an enable password (optional), and internal and external user
attributes.
Internal users are defined by two components: fixed and configurable. Fixed components consist of these
attributes:
attributes:
•
Name
•
Description
•
Password
•
Enabled or disabled status
•
Identity group to which they belong
Configurable components consist of these attributes:
•
Enable password for TACACS+ authentication
•
Sets of identity attributes that determine how the user definition is displayed and entered
Cisco recommends that you configure identity attributes before you create users. When identity
attributes are configured:
attributes are configured:
•
You can enter the corresponding values as part of a user definition.
•
They are available for use in policy decisions when the user authenticates.
Internal user identity attributes are applied to the user for the duration of the user’s session.
Internal identity stores contain the internal user attributes and credential information used to authenticate
internal users (as defined by you within a policy).
internal users (as defined by you within a policy).
External identity stores are external databases on which to perform credential and authentication
validations for internal and external users (as defined by you within a policy).
validations for internal and external users (as defined by you within a policy).
Table 8-1
Standard Attributes
Attribute
Description
Username
ACS compares the username against the username in the authentication request.
The comparison is case-insensitive.
The comparison is case-insensitive.
Status
•
Enabled status indicates that the account is active.
•
Disabled status indicates that authentications for the username will fail.
Description
Text description of the attribute.
Identity Group
ACS associates each user to an identity group. See
for information.