Skip to main content

Cisco Secure ACS TACACS+

Connector name

agtcisco-acs

Connector type

Executable

Type (UI field value)

Cisco Secure ACS TACACS+

Target system versions supported / tested

Cisco Secure Access Control Server

Connector status / support

Customer-Verified

Clients may contact Bravura Security support for assistance with this connector. Troubleshooting and testing must be completed in the client's test environment as Bravura Security does not maintain internal test environments for the associated target system.

The following Bravura Security Fabric operations are supported by this connector:

  • user verify password

  • get server information

  • administrator reset password

  • administrator reset+expire password

  • enable account

  • disable account

  • check account enabled

  • create account

  • delete account

  • update attributes

  • add user to group

  • delete user from group

  • List:

    • accounts

    • attributes

    • groups

    • members

    • computer objects

Preparation

Configuring a target system administrator

Bravura Security Fabric uses a designated account (for example psadmin) on the Cisco Secure Access Control Server target system to perform operations. Create an account with appropriate permissions if one does not already exist.

Targeting Cisco Secure Access Control Server

For each Cisco Secure Access Control Server system, add a target system in Bravura Security Fabric (Manage the System > Resources > Target systems).

  • Type is Cisco Secure ACS TACACS+.

  • Address uses options described in the table below.

The full list of target system parameters is explained in Target System Options .

Table 1. Cisco Secure Access Control Server address configuration

Option

Description

Options marked with a redstar.png are required.

Server redstar.png

The IP address/domain name of the Cisco Secure Access Control Server system.

(key: server)

Port

The port number.

(key: port)

Connection over SSL

Select to enforce SSL connections.

(key: ssl)

Validate the server’s certificate when connecting

Determines whether to validate the server’s security certificate for SSL connections. Default is "true".

(key: checkCert)

HTTP Network Proxy

The address of the web proxy.

(key: proxy)

Default Group when leaving managed group

Specify a group that a user will be a member of when they are no longer part of a managed group.

(key: restoreGroup)

Account Management Method redstar.png

Choose one of the following account management methods:

  • Only manage the connect password, enable password out of scope

  • Set the same password values for connect and enable per account

  • Set separate password values for connect and enable per account

    By default, Set the same password values for connect and enable per account is selected.

    (key: Multipass)



In this section: