Chapter 12 Administering External User Databases
Unknown User Processing
12-2
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
The Unknown User feature enables Cisco Secure ACS to use a variety of external
databases in addition to its own internal database to authenticate incoming user
requests. With this feature, Cisco Secure ACS provides the foundation for a basic
single sign-on capability by integrating network and host-level access control.
Because the incoming usernames and passwords of users dialing in can be
authenticated with external user databases, there is no need for the network
administrator to maintain a duplicate list within Cisco Secure ACS. This provides
two advantages to the Cisco Secure ACS administrator:
• Eliminates the necessity of entering every user multiple times
• Prevents data-entry errors that are inherent to manual procedures
Known, Unknown, and Discovered Users
The Unknown User feature implements three categories of users in
Cisco Secure ACS.
• Known Users—Users explicitly added, either manually or automatically,
into the Cisco Secure ACS database.
These are users added through User Setup in the HTML interface, by the
RDBMS Synchronization feature, by the Database Replication feature, or by
the CSUtil.exe utility. For more information about CSUtil.exe, see
Appendix D, “Cisco Secure ACS Command-Line Database Utility.”
Cisco Secure ACS attempts to authenticate a known user with the single
database that the user is associated with. If the user database is the
CiscoSecure user database and the user does not represent a Voice over IP
(VoIP) user account, a password is required for the user. If the user database
is an external user database or if the user represents a VoIP user account,
Cisco Secure ACS does not have to store a user password in the CiscoSecure
user database.
• Unknown Users—Users who have no account entry in the CiscoSecure user
database.
Such users never have previously authenticated with Cisco Secure ACS. If
the Unknown User Policy is configured, Cisco Secure ACS attempts to
authenticate these users with external user databases.
• Discovered Users—Users whose accounts were created in the CiscoSecure
user database when Cisco Secure ACS successfully authenticated them using
the Unknown User Policy. When Cisco Secure ACS creates a discovered user,
To Next Page
Loading...
Need help?
General