Cisco Systems OL-24201-01 manual Managing System Administrators, 16-1

C H A P T E R 16

Managing System Administrators

System administrators are responsible for deploying, configuring, maintaining, and monitoring the ACS servers in your network. They can perform various operations in ACS through the ACS administrative interface. When you define an administrator in ACS, you assign a password and a role or set of roles that determine the access privilege the administrator has for the various operations.

When you create an administrator account, you initially assign a password, which the administrator can subsequently change through the ACS web interface. Irrespective of the roles that are assigned, the administrators can change their own passwords.

ACS provides the following configurable options to manage administrator passwords:

•Password Complexity—Required length and character types for passwords.

•Password History—Prevents repeated use of same passwords.

•Password Lifetime—Forces the administrators to change passwords after a specified time period.

•Account Inactivity—Disables the administrator account if it has not been in use for a specified time period.

•Password Failures—Disables the administrator account after a specified number of consecutive failed login attempts.

In addition, ACS provides you configurable options that determine the IP addresses from which administrators can access the ACS administrative web interface and the session duration after which idle sessions are logged out from the system.

You can use the Monitoring & Report Viewer to monitor administrator access to the system. The Administrator Access report is used to monitor the administrators who are currently accessing or attempting to access the system.

You can view the Administrator Entitlement report to view the access privileges that the administrators have, the configuration changes that are done by administrators, and the administrator access details. In addition, you can use the Configuration Change and Operational Audit reports to view details of specific operations that each of the administrators perform.

The System Administrator section of the ACS web interface allows you to:

•Create, edit, duplicate, or delete administrator accounts

•Change the password of other administrators

•View predefined roles

•Associate roles to administrators

•Configure authentication settings that include password complexity, account lifetime, and account inactivity