Chapter 8 Managing Users and Identity Stores

Configuring Identity Store Sequences

Step 2 Do one of the following:

Click Create.

Check the check box next to the sequence that you want to duplicate, then click Duplicate.

Click the sequence name that you want to modify, or check the check box next to the name and click Edit.

The Identity Store Sequence Properties page appears as described in Table 8-22.

Table 8-22 Identity Store Sequence Properties Page

| Option | Description |
| --- | --- |
| General | |
| Name | Enter the name of the identity store sequence. |
| Description | Enter a description of the identity store sequence. |
| Authentication Method List | |
| Certificate Based | Check this check box to use the certificate-based authentication method. If you choose this option, you must enter the certificate authentication profile. Click Select to choose the profile from a list of available profiles. |
| Password Based | Check this check box to use the password-based authentication method. If you choose this option, you must choose the set of identity stores that ACS will access one after another until a match is found. If you choose this option, you must select a list of identity stores in the Authentication and Attribute Retrieval Search List area for ACS to access the identity stores one after another. |
| Authentication and Attribute Retrieval Search List | Note: This section appears only when you check the Password Based option. |
| Available | Available set of identity stores to access. |
| Selected | Selected set of identity stores to access in sequence until first authentication succeeds. Use the Up and Down arrows at the right of the list to define the order of access. ACS automatically retrieves attributes from identity stores that you selected for authentication. You do not need to select the same identity stores for attribute retrieval. |
| Additional Attribute Retrieval Search List | |
| Available | Available set of additional identity stores for attribute retrieval. |
| Selected | (Optional) The selected set of additional identity stores for attribute retrieval. Use the Up and Down arrows at the right of the list to define the order of access. ACS automatically retrieves attributes from identity stores that you selected for authentication. You do not need to select the same identity stores for attribute retrieval. |
| Internal User/Host | |
| If internal user/host is not found or disabled then exit the sequence and treat as User Not Found | This option is applicable for the attribute phase and when the Internal Identity Store is in the Attribute retrieval list. ACS exits the sequence and treats it as User Not Found if this option is selected and the user is not found or is disabled. |
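The search-list ordering and the Internal User/Host option from Table 8-22, modelled as an added Python example (not Cisco code and not part of this guide). `Store`, `run_sequence`, the result labels and the sample stores are constructed for illustration; the model assumes attributes come from the store that authenticated the user and that a missing or disabled record contributes no attributes.

```python
import hmac
from dataclasses import dataclass

@dataclass
class Store:
    name: str
    users: dict            # username -> {"password", "enabled", "attrs"}
    internal: bool = False

def run_sequence(user, password, auth_list, attr_list, exit_if_internal_missing=False):
    """Return (result, authenticating store, attributes) for one request."""
    source, attrs = None, {}
    # Authentication phase: walk the Selected list in order, stop at first success.
    for store in auth_list:
        rec = store.users.get(user)
        if rec and rec["enabled"] and hmac.compare_digest(rec["password"], password):
            source, attrs = store.name, dict(rec["attrs"])
            break
    if source is None:
        return ("AUTH_FAILED", None, {})      # constructed label, not an ACS message
    # Attribute phase: additional attribute retrieval stores, in list order.
    for store in attr_list:
        rec = store.users.get(user)
        missing = rec is None or not rec["enabled"]
        if store.internal and missing and exit_if_internal_missing:
            return ("USER_NOT_FOUND", source, {})   # option checked: exit the sequence
        if not missing:
            for key, value in rec["attrs"].items():
                attrs.setdefault(key, value)  # assumption: earlier store wins on conflict
    return ("OK", source, attrs)

# Constructed sample stores: alice exists in all three, disabled in the internal store.
AD = Store("AD", {"alice": {"password": "ad-pw", "enabled": True,
                            "attrs": {"group": "staff"}}})
LDAP = Store("LDAP", {"alice": {"password": "ldap-pw", "enabled": True,
                                "attrs": {"group": "contractors"}}})
INTERNAL = Store("Internal Users", {"alice": {"password": "x", "enabled": False,
                                              "attrs": {"vlan": "10"}}}, internal=True)

def demo():
    return [
        run_sequence("alice", "ldap-pw", [AD, LDAP], []),
        run_sequence("alice", "ldap-pw", [AD, LDAP], [INTERNAL]),
        run_sequence("alice", "ldap-pw", [AD, LDAP], [INTERNAL], exit_if_internal_missing=True),
    ]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The second and third calls differ only in the Internal User/Host option: with it checked, a user who authenticated against LDAP is still treated as User Not Found because the internal record is disabled.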

 

 

User Guide for Cisco Secure Access Control System 5.3

OL-24201-01