Cisco FirePOWER Appliance 7020
FireSIGHT System User Guide
Chapter 48 Managing Users
Managing User Accounts
You can control how and when the password for each user account is changed, as well as when user
accounts are disabled. If you configured a timeout for web interface login sessions, you can exempt users
from this timeout. The following table describes some of the options you can use to regulate passwords
and account access.
Note that for locally authenticated users on Series 3 managed devices, changing a user’s password for
the web interface also changes that password for the command line interface.
If you enable the Check Password Strength option, the minimum password length is automatically set to 8
characters. If you also set a value for Minimum Password Length that exceeds 8 characters, the higher value
applies.
Note: After you enable Use External Authentication Method, login options no longer appear. Use the external
authentication server to manage login settings.
Table 48-4 User Account Login Options

Option: Use External Authentication Method
Description: Select this check box if you want this user's credentials to be externally authenticated.
Note: If you select this option for the user and the external authentication server is unavailable, that user can log into the web interface but cannot access any functionality.

Option: Maximum Number of Failed Logins
Description: Enter an integer, without spaces, that determines the maximum number of times each user can try to log in after a failed login attempt before the account is locked. The default setting is five tries; use 0 to allow an unlimited number of failed logins.

Option: Minimum Password Length
Description: Enter an integer, without spaces, that determines the minimum required length, in characters, of a user’s password. The default setting is 8. A value of 0 indicates that no minimum length is required.

Option: Days Until Password Expiration
Description: Enter the number of days after which the user’s password expires. The default setting is 0, which indicates that the password never expires.

Option: Days Before Password Expiration Warning
Description: Enter the number of warning days users have to change their password before their password actually expires. The default setting is 0 days.
Caution: The number of warning days must be less than the number of days before the password expires.

Option: Force Password Reset on Login
Description: Select this option to force users to change their passwords the first time they log in.

Option: Check Password Strength
Description: Select this option to require strong passwords. A strong password must be at least eight alphanumeric characters of mixed case and must include at least one numeric character and one special character. It cannot be a word that appears in a dictionary or include consecutive repeating characters.

Option: Exempt from Browser Session Timeout
Description: Select this option if you do not want a user’s login sessions to terminate due to inactivity. Users with the Administrator role cannot be made exempt. For more information on session timeouts, see
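
The following Python example is added here and is not part of the Cisco guide or any Cisco tool. It applies the rules in Table 48-4 to one local account's settings: the effective minimum length when Check Password Strength is enabled, the strong-password rule, and the warning-days constraint. The dictionary keys, the sample word list, the sample settings, and the choice of which settings to report are assumptions made for illustration.

```python
import re

# Constructed stand-in for the dictionary check; the appliance's word list is not documented here.
SAMPLE_DICTIONARY = {"password", "firepower", "administrator"}

def effective_min_length(check_strength, min_length):
    """Check Password Strength sets a floor of 8; a higher Minimum Password Length wins."""
    return max(8, min_length) if check_strength else min_length

def is_strong(password, min_length=8, dictionary=SAMPLE_DICTIONARY):
    """Approximate the strong-password rule described in Table 48-4."""
    checks = [
        len(password) >= max(8, min_length),
        re.search(r"[a-z]", password) and re.search(r"[A-Z]", password),  # mixed case
        re.search(r"[0-9]", password),                                    # numeric
        re.search(r"[^A-Za-z0-9]", password),                             # special
        not re.search(r"(.)\1", password),       # no consecutive repeating characters
        password.lower() not in dictionary,      # not a dictionary word
    ]
    return all(bool(c) for c in checks)

def audit_login_options(opts):
    """Return findings for one local account; the dict keys are hypothetical names."""
    if opts["use_external_auth"]:
        return ["login options are managed on the external authentication server"]
    findings = []
    if opts["max_failed_logins"] == 0:
        findings.append("unlimited failed logins")
    if effective_min_length(opts["check_strength"], opts["min_length"]) == 0:
        findings.append("no minimum password length")
    if not opts["check_strength"]:
        findings.append("password strength not checked")
    expiry, warning = opts["days_until_expiration"], opts["days_before_warning"]
    if expiry > 0 and warning >= expiry:  # 0 means the password never expires
        findings.append("warning days not less than expiration days")
    if opts["exempt_from_timeout"]:
        findings.append("exempt from session timeout")
    return findings

# Constructed sample account settings, not exported from a real appliance.
SAMPLE = {"use_external_auth": False, "max_failed_logins": 0, "min_length": 0,
          "check_strength": False, "days_until_expiration": 30,
          "days_before_warning": 30, "exempt_from_timeout": True}

if __name__ == "__main__":
    for finding in audit_login_options(SAMPLE):
        print("FINDING:", finding)
```
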