Interface Design Concepts
Interface Design Concepts
User-to-Group Relationship
Note
Per-User or Per-Group Features
User Guide for Cisco Secure ACS for Windows Server
3-2
Protocol Configuration Options for TACACS+, page 3-7
•
Protocol Configuration Options for RADIUS, page 3-11
•
Before you begin to configure the Cisco Secure ACS HTML interface for your
particular configuration, you should understand a few basic precepts of the system
operation. The information in the following sections is necessary for effective
interface configuration.
A user can belong to only one group at a time. As long as there are no conflicting
attributes, users inherit group settings.
If a user profile has an attribute configured differently from the same attribute in
the group profile, the user setting always overrides the group setting.
If a user has a unique configuration requirement, you can make that user a part of
a group and set unique requirements on the User Setup page, or you can assign
that user to his or her own group.
You can configure most features at both group and user levels, with the following
exceptions:
•
User level only—Static IP address, password, and expiration.
Group level only—Password aging and time-of-day/day-of-week
•
restrictions.
Chapter 3
Interface Configuration
78-16592-01