35-17
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter3 5 Getting Started with IPS Configuration
Managing User Accounts and Password Requirements
If you change the password for the user defined in the device properties, which Security Manager
uses to deploy configurations to the device, Security Manager uses the existing credentials defined
in the device properties to log into the device and deploy changes. After successful deployment, the
device properties are then changed to use your new settings. For more information on credentials in
device properties, see Device Credentials Page, page 3-44.
Related Topics
Filtering Tables, page1-45
Table Columns and Column Heading Features, page1-46
Step 1 Do one of the following to open the User Accounts policy:
(Device v iew) Select Platform > Device Admin > Device Access > User Accounts from the Policy
selector.
(Policy view) Select IPS > Platform > Device Admin > Device Access > User Accounts, then
select an existing policy or create a new one.
The policy shows existing user accounts, including the username, role, and whether the password is
managed by Security Manager (as explained in Understanding Managed and Unmanaged IPS Passwords,
page 35-14).
Step 2 Do one of the following:
To add a user account, click the Add Row (+) button. This opens the Add User dialog box. Enter the
information required to define the account. For detailed information on the settings, see Add User
and Edit User Credentials Dialog Boxes, page 35-17.
To edit a user account, select it and click the Edit Row (pencil) button and make the required
changes in the Edit User dialog box.
You cannot change a user role to or from the Service role.
To delete a user account, select it and click the Delete Row (trash can) button. You cannot delete
the account named cisco.
Tip All password changes must meet the requirements of the Password Requirements policy. If you
change the requirements policy, all new user accounts, or edited accounts, are tested against the
new requirements. Although the passwords for existing unedited user accounts are not tested,
they too must meet the password requirements if you change any user account defined in this
policy, because Security Manager will deploy all of the accounts during the next configuration
deployment. Passwords are checked for conformity when you validate policies, which typically
happens when you submit changes to the database. For more information, see Understanding
How IPS Passwords are Discovered and Deployed, page 35-15.
Add User and Edit User Credentials Dialog Boxes
Use the Add User or Edit User Credentials dialog boxes to add or edit IPS device user accounts.