Cisco Systems OL-24201-01 manual Understanding Administrator Roles and Accounts, 16-2

Chapter 16 Managing System Administrators

Understanding Administrator Roles and Accounts

•Configure administrator session setting

•Configure administrator access setting

The first time you log in to ACS 5.3, you are prompted for the predefined administrator username (ACSAdmin) and required to change the predefined password name (default). After you change the password, you can start configuring the system.

The predefined administrator has super administrator permissions—Create, Read, Update, Delete, and eXecute (CRUDX)—to all ACS resources. When you register a secondary instance to a primary instance, you can use any account created on the primary instance. The credentials that you create on the primary instance apply to the secondary instance.

Note After installation, the first time you log in to ACS, you must do so through the ACS web interface and install the licenses. You cannot log in to ACS through the CLI immediately after installation.

This section contains the following topics:

•Understanding Administrator Roles and Accounts, page 16-2

•Configuring System Administrators and Accounts, page 16-3

•Understanding Roles, page 16-3

•Creating, Duplicating, Editing, and Deleting Administrator Accounts, page 16-6

•Viewing Predefined Roles, page 16-8

•Configuring Authentication Settings for Administrators, page 16-9

•Configuring Session Idle Timeout, page 16-11

•Configuring Administrator Access Settings, page 16-11

•Resetting the Administrator Password, page 16-12

•Changing the Administrator Password, page 16-13

Understanding Administrator Roles and Accounts

The first time you log in to ACS 5.3, you are prompted for the predefined administrator username (ACSAdmin) and required to change the predefined password name (default).

Note You cannot rename, disable, or delete the ACSAdmin account.

After you change the password, you can start configuring the system. The predefined administrator has super administrator permissions—Create, Read, Update, Delete, and eXecute (CRUDX)—to all ACS resources.

If you do not need granular access control, the Super Admin role is most convenient, and this is the role assigned to the predefined ACSAdmin account.

To create further granularity in your access control, follow these steps:

1.Define Administrators. See Configuring System Administrators and Accounts, page 16-3.

2.Associate roles to administrators. See Understanding Roles, page 16-3

When these steps are completed, defined administrators can log in and start working in the system.