Filter
Top Products
C-3
Installation Guide for Cisco Unified Service Monitor
OL-25111-01
Appendix C Security Configuration with Cisco Secure ACS
Configuring the System Identity User in Common Services
Configuring the System Identity User in Common Services
Before you integrate the Service Monitor server with Cisco Secure ACS, ensure that you create and
assign all privileges to a system identity user in Common Services. This topic explains how to set up a
local user as the system identity user. (To use the Common Services admin user as the system identity
user, see the topic Setting up system identity account in Common Services online help.)
1. Create a local user and assign all roles to the user. (See Configuring Users Using the Common
Services Local Login Module, page 3-2.)
Note If the System Identity User is not configured with all Common Services Local login module
roles (see Table C-1), authorization fails when you try perform certain tasks in Service
Monitor and Common Services.
2. Update the System Identity User, replacing the username with the one that you created in step 1.
(Select Administration > Server Administration (Common Services) > Security > Multi-Server
Trust Management > System Identity Setup.
For more information, see Common Services online help.
Setting Up the Cisco Secure ACS Server
Perform these tasks in Cisco Secure ACS before you change the Common Services AAA mode to ACS:
1. Configure ACS Administrators.
Configure an administrator user with all privileges in Cisco Secure ACS.
Note If you do not configure the administrator user with all privileges, Service Monitor
registration with Cisco Secure ACS fails.
Note the username and password for the administrator; you will need to enter them when you change
the AAA mode to ACS in Common Services.
2. Add the Service Monitor server to Cisco Secure ACS as a AAA Client.
Configure the Service Monitor server as a AAA client in Cisco Secure ACS and do the following:
–
Select authentication by TACACS + (CISCO IOS).
–
Note the shared secret that you enter; you will need to enter it in Common Services when you
change the AAA mode to ACS in Common Services.
3. Add the System Identity User and Common Services users to Cisco Secure ACS.
You can create a group and add users to it.
4. Note whether the Service Monitor and Common Services applications are already registered with
Cisco Secure ACS. To find out, select Shared Profile Components and look for:
–
Cisco Unified Service Monitor
–
Common Services