Cisco Systems OL-24201-01 manual Creating, Duplicating, and Editing Access Services, 10-12

Chapter 10 Managing Access Policies

Configuring Access Services

Creating, Duplicating, and Editing Access Services

Access services contain the authentication and authorization policies for requests.

When you create an access service, you define:

•Policy structure—The types of policies the service will contain. You can define these according to a service template, an existing service, or a use case.

A service can contain:

–An Identity policy—Defines which identity store to use for authentication.

–A group mapping policy—Defines the identity group to which to map.

–An Authorization policy—For network access, this policy defines which session authorization profile to apply; for device administration, it defines which shell profile or command set to apply.

•Allowed protocols—Specifies which authentication protocols are allowed for this access service, and provides additional information about how ACS uses them for authentication.

Use a service template to define an access service with policies that are customized to use specific condition types. See Configuring Access Services Templates, page 10-19for information about the service templates.

Duplicate an access service to create a new access service with rules that are the same, or very similar to, an existing access service. After duplication is complete, you access each service (original and duplicated) separately.

To replicate a service policy structure without duplicating the source service’s rules, create a new access service based on an existing service.

To create, duplicate, or edit an access service:

Step 1 Select Access Policies > Access Services.

The Access Services page appears with a list of configured services.