Chapter 3 Interface Configuration
Interface Design Concepts
3-2
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
•Protocol Configuration Options for TACACS+, page 3-7
•Protocol Configuration Options for RADIUS, page 3-11
Interface Design Concepts
Before you begin to configure the Cisco Secure ACS HTML interface for your
particular configuration, you should understand a few basic precepts of the system
operation. The information in the following sections is necessary for effective
interface configuration.
User-to-Group Relationship
A user can belong to only one group at a time. As long as there are no conflicting
attributes, users inherit group settings.
Note If a user profile has an attribute configured differently from the same attribute in
the group profile, the user setting always overrides the group setting.
If a user has a unique configuration requirement, you can make that user a part of
a group and set unique requirements on the User Setup page, or you can assign
that user to his or her own group.
Per-User or Per-Group Features
You can configure most features at both group and user levels, with the following
exceptions:
•User level only—Static IP address, password, and expiration.
•Group level only—Password aging and time-of-day/day-of-week
restrictions.