Filter
Top Products
10-12
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 10 Managing Access Policies
Configuring Access Services
Step 3 Edit the fields in the Allowed Protocols tab as described in Table 10-7.
Step 4 Click Submit to save the changes you have made to the default access service.
Creating, Duplicating, and Editing Access Services
Access services contain the authentication and authorization policies for requests.
When you create an access service, you define:
• Policy structure—The types of policies the service will contain. You can define these according to
a service template, an existing service, or a use case.
A service can contain:
–
An Identity policy—Defines which identity store to use for authentication.
–
A group mapping policy—Defines the identity group to which to map.
–
An Authorization policy—For network access, this policy defines which session authorization
profile to apply; for device administration, it defines which shell profile or command set to
apply.
• Allowed protocols—Specifies which authentication protocols are allowed for this access service,
and provides additional information about how ACS uses them for authentication.
Use a service template to define an access service with policies that are customized to use specific
condition types. See Configuring Access Services Templates, page 10-19 for information about the
service templates.
Duplicate an access service to create a new access service with rules that are the same, or very similar
to, an existing access service. After duplication is complete, you access each service (original and
duplicated) separately.
To replicate a service policy structure without duplicating the source service’s rules, create a new access
service based on an existing service.
To create, duplicate, or edit an access service:
Step 1 Select Access Policies > Access Services.
The Access Services page appears with a list of configured services.
Identity Check to include an identity policy in the access service, to define the identity store
or stores that ACS uses for authentication and attribute retrieval.
Group Mapping Check to include a group mapping policy in the access service, to map groups and
attributes that are retrieved from external identity stores to the identity groups in
ACS.
Authorization Check to include an authorization policy in the access service, to apply:
• Authorization profiles for network access services.
• Shell profiles and command sets for device administration services.
Table 10-5 Default Access Service - General Page (continued)
Option Description