16-12
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter16 Managing System Ad ministrators
Configuring Session Idle Timeout
Note ACS automatically deactivates or disables your account based on your last login, last password
change, or number of login retries. The CLI and PI us er accounts are blocked and they receive
a notification that they can change the password through the web interface. If your account is
disabled, contact another administrator to enable yo ur account.
Step4 Click Submit.
The administrator password is configured with the defined criteria. These criteria will apply only for
future logins.
Related Topics
Understanding Roles, page 16-3
Administrator Accounts and Role Association, page 16-6
Viewing Predefined Roles, page 16-9
Configuring Session Idle Timeout
A GUI session, by default, is assigned a timeout period of 30 minutes. You can configure a timeout
period for anywhere from 5 to 90 minutes.
To configure the timeout period:
Disable administrator account after n days
if password is not changed
Specifies that the administrator account must be disabled after n days if the
password is not changed; the valid options are 1 to 365.
ACS does not allow you to configure this option without configuring the Display
reminder after n days option.
Account Inactivity
Inactive accounts are disabled
Require a password change after n days of
inactivity
Specifies that the password must be changed after n days of inactivity; the valid
options are 1 to 365. This option, when set, ensures that you change the
password after n days.
ACS does not allow you to configure this option without configuring the Display
reminder after n days option.
Disable administrator account after n days
of inactivity
Specifies that the administrator account must be disabled after n days of
inactivity; the valid options are 1 to 365.
ACS does not allow you to configure this option without configuring the Display
reminder after n days option.
Incorrect Password Attempts
Disable account after n successive failed
attempts
Specifies the maximum number of login retries after which the account is
disabled; the valid options are 1 to 10.
Table16-7 Advanced Tab
Options Description