Cisco Systems CSACS3415K9 Computer Accessories User Manual


 
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 16 Managing System Administrators
Working with Administrative Access Control
Configuring Identity Policy Rule Properties
You can create, duplicate, or edit an identity policy rule to determine the identity databases that are used
to authenticate the administrator and retrieve attributes for the administrator. The retrieval of attributes
is possible only if you use an external database.
To display this page, complete the following steps:
Step 1 Choose System Administration > Administrative Access Control > Identity, then do one of the following:
- Click Create.
- Check a rule check box, and click Duplicate.
- Click a rule name or check a rule check box, then click Edit.
Step 2 Complete the fields in the Identity Rule Properties page as described in Table 16-10.
Table 16-10 Identity Rule Properties Page

Option: Description

General

Rule Name: Name of the rule. If you are duplicating a rule, you must enter a unique name as a minimum configuration; all other fields are optional.

Rule Status: Rule statuses are:
- Enabled—The rule is active.
- Disabled—ACS does not apply the results of the rule.
- Monitor—The rule is active, but ACS does not apply the results of the rule. Results such as hit count are written to the log, and the log entry includes an identification that the rule is monitor only. The Monitor option is especially useful for watching the results of a new rule.

Conditions

conditions: Conditions that you can configure for the rule. By default the compound condition appears. You can change the conditions that appear by using the Customize button in the Policy page.
The default value for each condition is ANY. To change the value for a condition, check the condition check box, then specify the value.
If you check Compound Condition, an expression builder appears in the conditions frame. For more information, see Configuring Compound Conditions, page 10-41.

Results

Identity Source: Identity source to apply to requests. The default is Administrators Internal Identity store. For password-based authentication, choose a single identity store or an identity store sequence.
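
The following is an added example, not code from Cisco or from this guide: a small Python model of how the three rule statuses in Table 16-10 affect which identity source is applied, useful for reasoning about a rule staged in Monitor before it is enabled. Assumptions: rules are evaluated top-down with the first Enabled match winning, Disabled rules are skipped, and the condition name device_group, the rule names, the non-default source names and the log line format are all hypothetical.

```python
from dataclasses import dataclass

ANY = "ANY"  # Table 16-10: default value for each condition
DEFAULT_SOURCE = "Administrators Internal Identity store"  # Table 16-10 default


@dataclass
class Rule:
    name: str
    status: str            # "Enabled", "Disabled" or "Monitor"
    conditions: dict       # attribute -> required value, or ANY
    identity_source: str
    hit_count: int = 0


def matches(rule, request):
    # A condition left at ANY matches every request value.
    return all(want == ANY or request.get(attr) == want
               for attr, want in rule.conditions.items())


def select_identity_source(rules, request, log):
    """Return the identity source applied to one administrator login request.

    Model assumptions: top-down evaluation, first Enabled match wins,
    Disabled rules are skipped without counting a hit.
    """
    for rule in rules:
        if rule.status == "Disabled" or not matches(rule, request):
            continue
        rule.hit_count += 1
        if rule.status == "Monitor":
            # The hit is logged and flagged, but the result is not applied.
            log.append(f"rule={rule.name} hit={rule.hit_count} monitor-only")
            continue
        log.append(f"rule={rule.name} hit={rule.hit_count}")
        return rule.identity_source
    return DEFAULT_SOURCE


# Constructed sample policy: a new rule staged in Monitor above existing rules.
RULES = [
    Rule("ldap-for-vpn-admins", "Monitor", {"device_group": "vpn"}, "Corp-LDAP"),
    Rule("old-rule", "Disabled", {"device_group": ANY}, "Legacy-RADIUS"),
    Rule("all-admins", "Enabled", {"device_group": ANY}, DEFAULT_SOURCE),
]
```

In this model, a request that matches the Monitor rule still authenticates against the source chosen by the next Enabled rule, while the monitor-only log entries show how often the staged rule would have applied.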