Cisco Systems CSACS3415K9 Manual De Usuario
C H A P T E R
16-1
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
16
Managing System Administrators
System administrators are responsible for deploying, configuring, maintaining, and monitoring the ACS
servers in your network. They can perform various operations in ACS through the ACS administrative
interface. When you define an administrator in ACS, you assign a password and a role or set of roles that
determine the access privilege the administrator has for the various operations.
servers in your network. They can perform various operations in ACS through the ACS administrative
interface. When you define an administrator in ACS, you assign a password and a role or set of roles that
determine the access privilege the administrator has for the various operations.
When you create an administrator account, you initially assign a password, which the administrator can
subsequently change through the ACS web interface. Irrespective of the roles that are assigned, the
administrators can change their own passwords.
subsequently change through the ACS web interface. Irrespective of the roles that are assigned, the
administrators can change their own passwords.
ACS provides the following configurable options to manage administrator passwords:
•
Password Complexity—Required length and character types for passwords.
•
Password History—Prevents repeated use of same passwords.
•
Password Lifetime—Forces the administrators to change passwords after a specified time period.
•
Account Inactivity—Disables the administrator account if it has not been in use for a specified time
period.
period.
•
Password Failures—Disables the administrator account after a specified number of consecutive
failed login attempts.
failed login attempts.
In addition, ACS provides you configurable options that determine the IP addresses from which
administrators can access the ACS administrative web interface and the session duration after which idle
sessions are logged out from the system.
administrators can access the ACS administrative web interface and the session duration after which idle
sessions are logged out from the system.
You can use the Monitoring and Report Viewer to monitor administrator access to the system. The
Administrator Access report is used to monitor the administrators who are currently accessing or
attempting to access the system.
Administrator Access report is used to monitor the administrators who are currently accessing or
attempting to access the system.
You can view the Administrator Entitlement report to view the access privileges that the administrators
have, the configuration changes that are done by administrators, and the administrator access details. In
addition, you can use the Configuration Change and Operational Audit reports to view details of specific
operations that each of the administrators perform.
have, the configuration changes that are done by administrators, and the administrator access details. In
addition, you can use the Configuration Change and Operational Audit reports to view details of specific
operations that each of the administrators perform.
The System Administrator section of the ACS web interface allows you to:
•
Create, edit, duplicate, or delete administrator accounts
•
Change the password of other administrators
•
View predefined roles
•
Associate roles to administrators
•
Configure authentication settings that include password complexity, account lifetime, and account
inactivity
inactivity