Cisco Content Security Management Appliance M390 User Guide

Cisco IronPort AsyncOS 8.0 for Security Management User Guide
 
Chapter 12      Distributing Administrative Tasks
Step 9
(Optional) Click Add Row to add another RADIUS server. Repeat steps 
that your appliance uses for authentication.
When you define multiple external servers, the appliance connects to the servers in the order defined on 
the appliance. You might want to define multiple external servers to allow for failover in case one server 
is temporarily unavailable. 
Step 10
Enter the amount of time to store external authentication credentials in the web user interface. 
Note
If the RADIUS server uses one-time passwords, for example passwords created from a token, 
enter zero (0). When the value is set to zero, AsyncOS does not contact the RADIUS server again 
to authenticate during the current session.
Step 11
Configure Group Mapping:
Setting: Map externally authenticated users to multiple local roles (Recommended)
Description: AsyncOS assigns RADIUS users to appliance roles based on the RADIUS CLASS attribute. CLASS attribute requirements:
  • 3 character minimum
  • 253 character maximum
  • no colons, commas, or newline characters
  • one or more mapped CLASS attributes for each RADIUS user (With this setting, AsyncOS denies access to RADIUS users without a mapped CLASS attribute.)
For RADIUS users with multiple CLASS attributes, AsyncOS assigns the most restrictive role. For example, if a RADIUS user has two CLASS attributes, which are mapped to the Operator and Read-Only Operator roles, AsyncOS assigns the RADIUS user to the Read-Only Operator role, which is more restrictive than the Operator role.
These are the appliance roles ordered from least restrictive to most restrictive:
  • Administrator
  • Email Administrator
  • Web Administrator
  • Web Policy Administrator
  • URL Filtering Administrator
  • Technician
  • Operator
  • Cloud Administrator
  • Read-Only Operator
  • Help Desk User
  • Guest

Setting: Map all externally authenticated users to the Administrator role
Description: AsyncOS assigns RADIUS users to the Administrator role.
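
The CLASS-to-role resolution described in the table above, as an added Python sketch (not Cisco code and not part of the original guide): it checks candidate CLASS values against the listed requirements and picks the most restrictive mapped role for a user. The function names and the sample CLASS values (sma-ops, sma-ro, sma-admin) are constructed for illustration, and counting length in characters is an assumption.

```python
# Added illustration; all names here are hypothetical, not AsyncOS code.
# Role order as listed in the guide, least restrictive first.
ROLES = [
    "Administrator", "Email Administrator", "Web Administrator",
    "Web Policy Administrator", "URL Filtering Administrator",
    "Technician", "Operator", "Cloud Administrator",
    "Read-Only Operator", "Help Desk User", "Guest",
]
RANK = {role: i for i, role in enumerate(ROLES)}


def class_value_problems(value):
    """Return the documented CLASS requirements that `value` violates."""
    problems = []
    if len(value) < 3:  # assumption: length counted in characters
        problems.append("shorter than 3 characters")
    if len(value) > 253:
        problems.append("longer than 253 characters")
    if any(ch in value for ch in ":,\n"):
        problems.append("contains a colon, comma, or newline")
    return problems


def audit_mapping(mapping):
    """Review a CLASS-to-role table before entering it on the appliance."""
    findings = {}
    for value, role in mapping.items():
        problems = class_value_problems(value)
        if role not in RANK:
            problems.append(f"unknown role {role!r}")
        if problems:
            findings[value] = problems
    return findings


def effective_role(user_classes, mapping):
    """Most restrictive mapped role, or None when access is denied."""
    mapped = [mapping[c] for c in user_classes if c in mapping]
    if not mapped:
        return None  # no mapped CLASS attribute: access is denied
    return max(mapped, key=RANK.__getitem__)


# Constructed sample mapping (CLASS value -> appliance role).
MAPPING = {"sma-ops": "Operator", "sma-ro": "Read-Only Operator",
           "sma-admin": "Administrator"}
```

Running `effective_role` over each RADIUS user's CLASS list shows in advance which accounts would be denied and which would land in a lower role than intended because of an extra group membership.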