16-3
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter16 Managing System Ad ministrators
Configuring System Administrators and Accounts
When these steps are completed, defined administrators can log in and start working in the system.

Understanding Authentication

An authentication request is the first operation for every management session. If authentication fails, the
management session is terminated. But if authentication passes, the management session continues until
the administrator logs out or the session times out.
ACS 5.4 authenticates every login operation by using user credentials (username and password). Then,
by using the administrator and role definitions, ACS fetches the appropriate permissions and a nswers
subsequent authorization requests.
The ACS user interface displays the functions and options for which you have the necessary
administrator privileges only.
Note Allow a few seconds before logging back in so that changes in the system have time to propagate.
Related Topics
Understanding Administrator Roles and Accounts, page 16-2
Configuring System Administrators and Accounts, page 16-3
Configuring System Administrators and Accounts
This section contains the following topics:
Understanding Roles
Administrator Accounts and Role Association
Creating, Duplicating, Editing, and Deleting Administrator Accounts
Viewing Role Properties
Understanding Roles
Roles consist of typical administrator tasks, each with an associated set of permissions. Each
administrator can have more than one predefined role, and a role can apply to multiple administrators.
As a result, you can configure multiple tasks for a single administrator and multiple administrators for
a single task.
You use the Administrator Accounts page to assign roles. In general, a precise definition of roles is the
recommended starting point. Refer to Creating, Duplicating, Editing, and Deleting Administrator
Accounts, page 16-7 for more information.

Assigning Roles

You can assign roles to the internal administrator account. ACS 5.4 provides two methods to assign roles
to internal administrators:
Static Role assignment—Roles are assigned manually to the internal administrator account.