Filter
Top Products
16-2
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 16 Managing System Administrators
Understanding Administrator Roles and Accounts
• Configure administrator session setting
• Configure administrator access setting
The first time you log in to ACS 5.3, you are prompted for the predefined administrator username
(ACSAdmin) and required to change the predefined password name (default). After you change the
password, you can start configuring the system.
The predefined administrator has super administrator permissions—Create, Read, Update, Delete, and
eXecute (CRUDX)—to all ACS resources. When you register a secondary instance to a primary instance,
you can use any account created on the primary instance. The credentials that you create on the primary
instance apply to the secondary instance.
Note After installation, the first time you log in to ACS, you must do so through the ACS web interface and
install the licenses. You cannot log in to ACS through the CLI immediately after installation.
This section contains the following topics:
• Understanding Administrator Roles and Accounts, page 16-2
• Configuring System Administrators and Accounts, page 16-3
• Understanding Roles, page 16-3
• Creating, Duplicating, Editing, and Deleting Administrator Accounts, page 16-6
• Viewing Predefined Roles, page 16-8
• Configuring Authentication Settings for Administrators, page 16-9
• Configuring Session Idle Timeout, page 16-11
• Configuring Administrator Access Settings, page 16-11
• Resetting the Administrator Password, page 16-12
• Changing the Administrator Password, page 16-13
Understanding Administrator Roles and Accounts
The first time you log in to ACS 5.3, you are prompted for the predefined administrator username
(ACSAdmin) and required to change the predefined password name (default).
Note You cannot rename, disable, or delete the ACSAdmin account.
After you change the password, you can start configuring the system. The predefined administrator has
super administrator permissions—Create, Read, Update, Delete, and eXecute (CRUDX)—to all ACS
resources.
If you do not need granular access control, the Super Admin role is most convenient, and this is the role
assigned to the predefined ACSAdmin account.
To create further granularity in your access control, follow these steps:
1. Define Administrators. See Configuring System Administrators and Accounts, page 16-3.
2. Associate roles to administrators. See Understanding Roles, page 16-3
When these steps are completed, defined administrators can log in and start working in the system.