- Cisco Secure Access Control System 5.4 Manual

User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 16 Managing System Administrators
Working with Administrative Access Control
If Deny Access is selected as the result, the administrator's access is denied.
In a rule-based policy, each rule contains one or more conditions and a result, which is the identity source
to use for authentication.
The supported conditions are these:
- System username
- System time and date
- Administrator client IP address
An identity policy in the AAC service does not support the identity store sequence as a result. You can
create, duplicate, edit, and delete rules within the identity policy, and you can enable and disable them.
Caution: If you switch between the simple policy and the rule-based policy pages, you will lose your previously
saved policy configuration.
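As an added illustration (not Cisco's code and not taken from the manual), the following Python model shows how a rule-based identity policy built from the three supported conditions maps an administrator login to an identity source or to Deny Access. First-match evaluation, the fall-through default, the time-of-day window, and all rule names, identity source names and addresses are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Optional

DENY = "Deny Access"

@dataclass
class Rule:
    name: str
    result: str                      # identity source name, or DENY
    username: Optional[str] = None   # condition: system username
    hours: Optional[tuple] = None    # condition: system time, modelled as (start, end)
    network: Optional[str] = None    # condition: administrator client IP address
    enabled: bool = True             # rules can be enabled and disabled

    def matches(self, user, when, client_ip):
        # An unset condition matches anything; every set condition must hold.
        if self.username is not None and user != self.username:
            return False
        if self.hours is not None and not (self.hours[0] <= when.time() < self.hours[1]):
            return False
        if self.network is not None and ip_address(client_ip) not in ip_network(self.network):
            return False
        return True

def select_identity_source(rules, user, when, client_ip, default=DENY):
    """Assumed semantics (not stated on the page): first enabled match wins, else default."""
    for rule in rules:
        if rule.enabled and rule.matches(user, when, client_ip):
            return rule.name, rule.result
    return "Default", default

# Constructed policy and login attempts (username, timestamp, client IP); all values hypothetical.
POLICY = [
    Rule("BreakGlass", "InternalAdmins", username="emergency-admin", network="10.20.0.0/24"),
    Rule("OfficeHours", "AD1", hours=(time(8), time(18)), network="10.20.0.0/24"),
    Rule("VPN-Admins", "AD1", network="10.99.0.0/16", enabled=False),
]
REQUESTS = [
    ("emergency-admin", datetime(2024, 3, 4, 2, 30), "10.20.0.15"),
    ("jsmith", datetime(2024, 3, 4, 9, 0), "10.20.0.40"),
    ("jsmith", datetime(2024, 3, 4, 23, 0), "10.20.0.40"),
    ("jsmith", datetime(2024, 3, 4, 9, 0), "10.99.3.7"),
]

if __name__ == "__main__":
    for user, when, ip in REQUESTS:
        print(user, when.isoformat(), ip, "->", select_identity_source(POLICY, user, when, ip))
```

The last two requests fall through to Deny Access: one is outside the time window, and the other only matches a rule that is disabled.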
To configure a simple identity policy, complete the following steps:
Step 1 Select System Administration > Administrative Access Control > Identity.
By default, the Simple Identity Policy page appears with the fields as described in Table 16-8.
Step 2 Select an identity source for authentication; or, choose Deny Access.
Step 3 Click Save Changes to save the policy.
Viewing Rule-Based Identity Policies
Select System Administration > Administrative Access Control > Identity.
By default, the Simple Identity Policy page appears with the fields as described in Table 16-8. If it is
configured, the Rule-Based Identity Policy page appears with the fields as described in Table 16-9:
Table 16-8 Simple Identity Policy Page

Option            Description
Policy type       Defines the type of policy to configure:
                  - Simple—Specifies the result to apply to all requests.
                  - Rule-based—Configures rules to apply different results, depending on the request.
                  If you switch between policy types, you will lose your previously saved policy configuration.
Identity Source   Identity source to apply to all requests. The default is Deny Access. For password-based
                  authentication, choose a single identity store or an identity store sequence.