Expressway can authenticate accounts either locally or against a remote directory service using LDAP (currently, only
Windows Active Directory is supported), or it can use a combination of local and remotely managed accounts. The
remote option allows administration groups to be set up in the directory service for all Expressways in an enterprise,
removing the need to have separate accounts on each Expressway.

See

Configuring Remote Account Authentication Using LDAP, page 176

and

Authenticating Expressway Accounts

using LDAP Deployment Guide

for more information about setting up remote authentication.

If a remote source is used for administrator account authentication, you also need to configure the Expressway with:

■

appropriate LDAP server connection settings

■

administrator groups that match the corresponding group names already set up in the remote directory service
to manage administrator access to this Expressway (see

Configuring Administrator Groups, page 179

)

The Expressway can also be configured to use

certificate-based authentication

. This would typically be required if

the Expressway was deployed in a highly-secure environment.

Account Types

Administrator accounts

Administrator accounts are used to configure the Expressway.

■

The Expressway has a default admin local administrator account with full read-write access. It can be used to
access the Expressway using the web interface, the API interface or the CLI. Note that you cannot access the
Expressway via the default admin account if a Remote only authentication source is in use.

Cisco Systems, Inc.

www.cisco.com

172