CHAPTE R
16-1
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
16
Managing System Administrators
System administrators are responsible for deploying, configuring, maintaining, a nd monitoring the ACS
servers in your network. They can perform various operations in ACS through the ACS administrative
interface. When you define an administrator in ACS, you assign a password and a role or set of roles that
determine the access privilege the administrator has for the various operations.
When you create an administrator account, you initially assign a password, which the administrator can
subsequently change through the ACS web interface. Irrespective of the roles that are assigned, the
administrators can change their own passwords.
ACS provides the following configurable options to manage administrator passwords:
Password Complexity—Required length and character types for passwords.
Password History—Prevents repeated use of same passwords.
Password Lifetime—Forces the administrators to change passwords after a specified time period.
Account Inactivity—Disables the administrator account if it has not been in use for a specified time
period.
Password Failures—Disables the administrator account after a specified number of consecutive
failed login attempts.
In addition, ACS provides you configurable options that determine the IP addresses from which
administrators can access the ACS administrative web interface and the session duration after which idle
sessions are logged out from the system.
You can use the Monitoring and Report Viewer to monitor administrator access to the system. The
Administrator Access report is used to monitor the administrators who are currently accessing or
attempting to access the system.
You can view the Administrator Entitlement report to view the access privileges that the administrators
have, the configuration changes that are done by administrators, and the administrator access details. In
addition, you can use the Configuration Change and Operational Audit reports to view details of specific
operations that each of the administrators perform.
The System Administrator section of the ACS web interface allows you to:
Create, edit, duplicate, or delete administrator accounts
Change the password of other administrators
View predefined roles
Associate roles to administrators
Configure authentication settings that include password complexity, account lifetime, and account
inactivity