Troubleshooting guide
1-3
Cisco Wide Area Application Services Configuration Guide
OL-26579-01
Chapter 1 Creating and Managing Administrator User Accounts and Groups
Creating and Managing User Accounts
Working with Accounts
When you create a user account, you enter information about the user such as the username, the name
of the individual who owns the account, contact information, job title, and department. All user account
information is stored in an internal database on the WAAS Central Manager.
Each user account can then be assigned to a role. A role defines which WAAS Central Manager GUI
configuration pages the user can access and which services the user has authority to configure or modify.
The WAAS Central Manager provides one predefined role, known as the admin role. The admin role has
access to all services. A domain defines which entities in the network that the user can access and
configure or modify. You can assign a user account to zero or more roles and to zero or more domains.
In addition to user accounts, you can create user groups if you are using external authentication of users
on a TACACS+ or Windows domain server (not a RADIUS server). By creating user group names that
match the user groups that you have defined on the external authentication server, WAAS can
dynamically assign roles and domains to users based on their membership in a group as defined on the
external authentication server. You do not need to define a role or domain for each user individually.
Two default user accounts are preconfigured in the WAAS Central Manager. The first account, called
admin, is assigned the administrator role that allows access to all services and access to all entities in the
system. This account cannot be deleted from the system, but it can be modified. Only the username and
the role for this account are unchangeable. Only an account that has been assigned the admin role can
create other admin-level accounts.
The second preconfigured user account is called default. Any user account that is authenticated but has
not been registered in the WAAS Central Manager obtains the access rights (role) assigned to the default
account. This account is configurable by an administrator, but it cannot be deleted nor its username
changed. Initially, the default account has no access to GUI functionality because it has no roles defined,
though it can log into the WAAS Central Manager GUI.
This section contains the following topics:
• Creating a New Account, page 1-4
• Modifying and Deleting User Accounts, page 1-6
• Changing the Password for Your Own Account, page 1-6
• Changing the Password for Another Account, page 1-7
3. Assign the role to the new account. Assigns the new role to the new account. For more information, see the “Assigning
a Role to a User Account” section on page 1-12. If you are using an external
authentication server, you can define matching user groups that automatically
assign roles to users.
4. Create a domain. Creates a domain that will specify the WAEs, device groups, or AppNav Clusters
that the new account can manage. For more information, see the “Creating a New
Domain” section on page 1-14.
5. Add an entity to the domain. Adds one or more WAEs, device groups, or AppNav Clusters to the domain. For
more information, see the “Adding an Entity to a Domain” section on page 1-15.
6. Assign a domain to a user account. Assigns the domain to the new user account. For more information, see the
“Assigning a Domain to a User Account” section on page 1-15. If you are using an
external authentication server, you can define matching user groups that
automatically assign domains to users.
Table 1-2 Checklist for Creating a Roles-based Administrator Account (continued)
Task Additional Information and Instructions