Chapter 8 Managing Users and Identity Stores

Managing Internal Identity Stores

In ACS 5.3, you can configure identity attributes that are used within your policies, in this order:

1. Define an identity attribute (using the user dictionary).

2. Define custom conditions to be used in a policy.

3. Populate values for each user in the internal database.

4. Define rules based on this condition.

As you become more familiar with ACS 5.3 and your identity attributes for users, the policies themselves will become more robust and complex.

You can use the user-defined attribute values to manage policies and authorization profiles. See Creating, Duplicating, and Editing an Internal User Identity Attribute, page 18-10 for information on how to create a user attribute.

Host Attributes

You can configure additional attributes for internal hosts. You can do the following when you create an internal host:

Create host attributes

Assign default values to the host attributes

Define whether the default values are required or optional

You can enter values for these host attributes and can use these values to manage policies and authorization profiles. See Creating, Duplicating, and Editing an Internal Host Identity Attribute, page 18-13 for information on how to create a host attribute.

Configuring Authentication Settings for Users

You can configure the authentication settings for user accounts in ACS to force users to use strong passwords. Any password policy changes that you make in the Authentication Settings page apply to all internal identity store user accounts. The User Authentication Settings page consists of the following tabs:

Password complexity

Advanced

To configure a password policy:

Step 1 Choose System Administration > Users > Authentication Settings.

The User Authentication Settings page appears with the Password Complexity and Advanced tabs.

Step 2 In the Password Complexity tab, check each check box that you want to use to configure your user password.

Table 8-2 describes the fields in the Password Complexity tab.

Table 8-2 Password Complexity Tab

| Option | Description |
| --- | --- |
| Applies to all ACS internal identity store user accounts | |
| Minimum length | Required minimum length; the valid options are 4 to 20. |

User Guide for Cisco Secure Access Control System 5.3

 

OL-24201-01
