Cisco Cisco Expressway Maintenance Manual
About user accounts
Administrator accounts are used to configure the Expressway.
Account authentication
Administrator accounts must be authenticated before access is allowed to the Expressway.
Expressway can authenticate accounts either locally or against a remote directory service using LDAP
(currently, only Windows Active Directory is supported), or it can use a combination of local and remotely
managed accounts. The remote option allows administration groups to be set up in the directory service for
all Expressways in an enterprise, removing the need to have separate accounts on each Expressway.
(currently, only Windows Active Directory is supported), or it can use a combination of local and remotely
managed accounts. The remote option allows administration groups to be set up in the directory service for
all Expressways in an enterprise, removing the need to have separate accounts on each Expressway.
If a remote source is used for administrator account authentication, you also need to configure the
Expressway with:
Expressway with:
n
appropriate LDAP server connection settings
n
administrator groups that match the corresponding group names already set up in the remote directory
service to manage administrator access to this Expressway (see
service to manage administrator access to this Expressway (see
. This would typically be
required if the Expressway was deployed in a highly-secure environment.
Account types
Administrator accounts
Administrator accounts are used to configure the Expressway.
n
The Expressway has a default admin local administrator account with full read-write access. It can be
used to access the Expressway using the web interface, the API interface or the CLI. Note that you cannot
access the Expressway via the default admin account if a Remote only authentication source is in use.
used to access the Expressway using the web interface, the API interface or the CLI. Note that you cannot
access the Expressway via the default admin account if a Remote only authentication source is in use.
n
You can add additional local administrator accounts which can be used to access the Expressway using
the web and API interfaces only.
the web and API interfaces only.
n
Remotely managed administrator accounts can be used to access the Expressway using the web and API
interfaces only.
interfaces only.
page (
Users > Password security
). All passwords and usernames are case sensitive.
Note that:
n
records all login attempts and configuration changes made using the web interface,
and can be used as an audit trail. This is particularly useful when you have multiple administrator accounts.
n
More than one administrator session can be running at the same time. These sessions could be using the
web interface, command line interface, or a mixture of both. This may cause confusion if each
administrator session attempts to modify the same configuration settings - changes made in one session
will overwrite changes made in another session.
web interface, command line interface, or a mixture of both. This may cause confusion if each
administrator session attempts to modify the same configuration settings - changes made in one session
will overwrite changes made in another session.
Cisco Expressway Administrator Guide (X8.5)
Page 196 of 394
User accounts
About user accounts