Cisco Systems OL-24201-01 Camera Accessories User Manual


 
8-9
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 8 Managing Users and Identity Stores
Managing Internal Identity Stores
In ACS 5.3, you can configure identity attributes that are used within your policies, in this order:
1. Define an identity attribute (using the user dictionary).
2. Define custom conditions to be used in a policy.
3. Populate values for each user in the internal database.
4. Define rules based on this condition.
As you become more familiar with ACS 5.3 and your identity attributes for users, the policies themselves
will become more robust and complex.
You can use the user-defined attribute values to manage policies and authorization profiles. See Creating,
Duplicating, and Editing an Internal User Identity Attribute, page 18-10 for information on how to create
a user attribute.
Host Attributes
You can configure additional attributes for internal hosts. You can do the following when you create an
internal host:
Create host attributes
Assign default values to the host attributes
Define whether the default values are required or optional
You can enter values for these host attributes and can use these values to manage policies and
authorization profiles. See Creating, Duplicating, and Editing an Internal Host Identity Attribute,
page 18-13 for information on how to create a host attribute.
Configuring Authentication Settings for Users
You can configure the authentication settings for user accounts in ACS to force users to use strong
passwords. Any password policy changes that you make in the Authentication Settings page apply to all
internal identity store user accounts. The User Authentication Settings page consists of the following
tabs:
Password complexity
Advanced
To configure a password policy:
Step 1 Choose System Administration > Users > Authentication Settings.
The User Authentication Settings page appears with the Password Complexity and Advanced tabs.
Step 2 In the Password Complexity tab, check each check box that you want to use to configure your user
password.
Table 8-2 describes the fields in the Password Complexity tab.
Table 8-2 Password Complexity Tab
Option Description
Applies to all ACS internal identity store user accounts
Minimum length Required minimum length; the valid options are 4 to 20.