Cisco Cisco Web Security Appliance S670 User Guide

22-8

AsyncOS 9.1 for Cisco Web Security Appliances User Guide

Chapter 22 Perform System Administration Tasks

Administering User Accounts

Deleting User Accounts

Step 1

Choose System Administration > Users.

Step 2

Click the trash can icon corresponding to the listed user name and confirm when prompted.

Step 3

Submit and commit your changes.

Editing User Accounts

Step 1

Choose System Administration > Users.

Step 2

Click the user name.

Step 3

Make changes to the user on the Edit User page as required.

Step 4

Submit and commit your changes.

Changing Passphrases

To change the passphrase of the account currently logged in, select Options > Change Passphrase from
the top right-hand side of the window.

For other accounts, edit the account and change the passphrase in the Local User Settings page.

Related Topics

•

Editing User Accounts, page 22-8

•

Setting Passphrase Requirements for Administrative Users, page 22-11

RADIUS User Authentication

The Web Security appliance can use a RADIUS directory service to authenticate users that log in to the
appliance using HTTP, HTTPS, SSH, and FTP. You can configure the appliance to contact multiple
external servers for authentication, using either PAP or CHAP authentication. You can map groups of
external users to different Web Security appliance user role types.

Sequence of Events For Radius Authentication

When external authentication is enabled and a user logs into the Web Security appliance, the appliance:

Determines if the user is the system-defined “admin” account.

If not, checks the first configured external server to determine if the user is defined there.

If the appliance cannot connect to the first external server, it checks the next external server in
the list.

If the appliance cannot connect to any external server, it tries to authenticate the user as a local user
defined on the Web Security appliance.