Filter
Top Products
8-11
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 8 Managing Users and Identity Stores
Managing Internal Identity Stores
Step 4 Click Submit.
The user password is configured with the defined criteria. These criteria will apply only for future logins.
Note If one of the users gets disabled, the failed attempt count value needs to be reconfigured multiple times.
In such a case, the administrators should either note separately the current failed attempt count of that
user, or reset the count to 0 for all users.
Creating Internal Users
In ACS, you can create internal users that do not access external identity stores for security reasons.
You can use the bulk import feature to import hundreds of internal users at a time; see Performing Bulk
Operations for Network Resources and Users, page 7-8 for more information. Alternatively, you can use
the procedure described in this topic to create internal users one at a time.
Step 1 Select Users and Identity Stores > Internal Identity Store > Users.
The Internal Users page appears.
Step 2 Click Create. You can also:
• Check the check box next to the user that you want to duplicate, then click Duplicate.
• Click the username that you want to modify, or check the check box next to the name and click Edit.
• Check the check box next to the user whose password you want to change, then click Change
Password.
Password must be different from the
previous n versions.
Specifies the number of previous passwords for this user to be compared against.
The number of previous passwords include the default password as well. This
option prevents the users from setting a password that was recently used. Valid
options are 1 to 99.
Password Lifetime
Users can be required to periodically change password
Disable user account after n days if
password is not changed
Specifies that the user account must be disabled after n days if the password is
not changed; the valid options are 1 to 365. This option is applicable only for
TACACS+ authentication.
Display reminder after n days Displays a reminder after n days to change password; the valid options are 1 to
365. This option, when set, only displays a reminder. It does not prompt you for
a new password. This option is applicable only for TACACS+ authentication.
TACACS Enable Password
Select whether a separate password should be defined in the user record to store the Enable Password
TACACS Enable Password Check the check box to enable a separate password for TACACS+
authentication.
Table 8-3 Advanced Tab
Options Description