16-2
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter16 Managing System Ad ministrators
Understanding Administrator Roles and Accounts
Configure administrator session setting
Configure administrator access setting
The first time you log in to ACS 5.4, you are prompted for the predefined administrator username
(ACSAdmin) and required to change the predefined password name (default). After you change the
password, you can start configuring the system.
The predefined administrator has super administrator permissions—Create, Read, Update, Dele te, and
eXecute (CRUDX)—to all ACS resources. When you register a secondary instance to a primary instance,
you can use any account created on the primary instance. The credentials that you create on the primary
instance apply to the secondary instance.
Note After installation, the first time you log in to ACS, you must do so through the ACS web interface and
install the licenses. You cannot log in to ACS through the CLI immediately after installation.
This section contains the following topics:
Understanding Administrator Roles and Accounts, page 16-2
Configuring System Administrators and Accounts, page 16-3
Understanding Roles, page 16-3
Creating, Duplicating, Editing, and Deleting Administrator Accounts, page 16-7
Viewing Predefined Roles, page 16-9
Configuring Authentication Settings for Administrators, page16-10
Configuring Session Idle Timeout, page 16-12
Configuring Administrator Access Settings, page 16-13
Working with Administrative Access Control, page 16-14
Resetting the Administrator Password, page 16-22
Changing the Administrator Password, page16-22
Understanding Administrator Roles and Accounts
The first time you log in to ACS 5.4, you are prompted for the predefined administrator username
(ACSAdmin) and required to change the predefined password name (default).
Note You cannot rename, disable, or delete the ACSAdmin account.
After you change the password, you can start configuring the system. The prede fined administrator has
super administrator permissions—Create, Read, Update, Delete, and eXecute (CRUDX)—to all ACS
resources.
If you do not need granular access control, the Super Admin role is most convenient, and this is the ro le
assigned to the predefined ACSAdmin account.
To create further granularity in your access control, follow these steps:
1. Define Administrators. See Configuring System Administrators and Accounts, page 16-3.
2. Associate roles to administrators. See Understanding Roles, page16 -3