Cisco Cisco Web Security Appliance S380 Guía Del Usuario

In the External Authentication Cache Timeout field, enter the number of seconds AsyncOS stores the 
external authentication credentials before contacting the RADIUS server again to re-authenticate. 
Default is zero.

If the RADIUS server uses one-time passwords, for example passwords created from a token, 
enter zero (0). When the value is set to zero, AsyncOS does not contact the RADIUS server again 
to authenticate during the current session.

Configure Group Mapping—Select whether to map all externally authenticated users to the 
Administrator role or to different appliance-user role types. 

Submit and commit your changes.

Map externally authenticated 
users to multiple local roles.

Enter a group name as defined in the RADIUS CLASS attribute, 
and choose an appliance Role type. You can add more role 
mappings by clicking Add Row.

AsyncOS assigns RADIUS users to appliance roles based on the 
RADIUS CLASS attribute. CLASS attribute requirements:

three-character minimum

253-character maximum

no colons, commas, or newline characters

one or more mapped CLASS attributes for each RADIUS user 
(With this setting, AsyncOS denies access to RADIUS users 
without a mapped CLASS attribute.) 

For RADIUS users with multiple CLASS attributes, AsyncOS 
assigns the most restrictive role. For example, if a RADIUS user 
has two CLASS attributes, which are mapped to the Operator and 
Read-Only Operator roles, AsyncOS assigns the RADIUS user to 
the Read-Only Operator role, which is more restrictive than the 
Operator role.

These are the appliance roles ordered from most restrictive to least 
restrictive:

Administrator 

Operator

Read-Only Operator

Guest

Map all externally authenticated 
users to the Administrator role.

AsyncOS assigns all RADIUS users to the Administrator role.