Chapter 8 Managing Users and Identity Stores

Managing Internal Identity Stores

Standard Attributes

Table 8-1 describes the standard attributes in the internal user record.

Table 8-1 Standard Attributes

| Attribute | Description |
|---|---|
| Username | ACS compares the username against the username in the authentication request. The comparison is case-insensitive. |
| Status | Enabled status indicates that the account is active. Disabled status indicates that authentications for the username will fail. |
| Description | Text description of the attribute. |
| Identity Group | ACS associates each user with an identity group. See Managing Identity Attributes, page 8-7 for information. |

User Attributes

Administrators can create and add user-defined attributes from the set of identity attributes. You can then assign default values for these attributes for each user in the internal identity store and define whether the default values are required or optional.

You need to define users in ACS, which includes associating each internal user with an identity group, a description (optional), a password, an enable password (optional), and internal and external user attributes.

Internal users are defined by two components: fixed and configurable. Fixed components consist of these attributes:

- Name
- Description
- Password
- Enabled or disabled status
- Identity group to which they belong

Configurable components consist of these attributes:

- Enable password for TACACS+ authentication
- Sets of identity attributes that determine how the user definition is displayed and entered

Cisco recommends that you configure identity attributes before you create users. When identity attributes are configured:

- You can enter the corresponding values as part of a user definition.
- They are available for use in policy decisions when the user authenticates.

Internal user identity attributes are applied to the user for the duration of the user’s session.

Internal identity stores contain the internal user attributes and credential information used to authenticate internal users (as defined by you within a policy).

External identity stores are external databases on which to perform credential and authentication validations for internal and external users (as defined by you within a policy).

User Guide for Cisco Secure Access Control System 5.3


OL-24201-01

 

 
