User import and creation – Cisco 3.3 User Manual
Page 487
13-3
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 13 User Databases
CiscoSecure User Database
User Import and Creation
There are five ways to create user accounts in the in Cisco Secure ACS for
Windows 2000 Servers. Of these, RDBMS Synchronization and CSUtil.exe
support importing user accounts from external sources.
•
Cisco Secure ACS HTML interface—The HTML interface provides the
ability to create user accounts manually, one user at a time. Regardless of how
a user account was created, you can edit a user account by using the HTML
interface. For detailed steps, see
Adding a Basic User Account, page 7-4
.
•
Unknown User Policy—The Unknown User Policy enables Cisco Secure
ACS to add users automatically when a user without an account in the is
found in an external user database. The creation of a user account in the
occurs only when the user attempts to access the network and is successfully
authenticated by an external user database. For more information, see
Chapter 15, “Unknown User Policy”
If you use Unknown User Policy, you can also configure group mappings so
that each time a user added to the by Unknown User Policy is authenticated,
the user group assignment is made dynamically. For some external user
database types, user group assignment is based on group membership in the
external user database. For other database types, all users authenticated by a
given database are assigned to a single Cisco Secure ACS user group. For
more information about group mapping, see
•
RDBMS Synchronization—RDBMS Synchronization enables you to create
large numbers of user accounts and to configure many settings for user
accounts. We recommend using this feature whenever you need to import
users by bulk; however, setting up RDBMS Synchronization for the first time
requires several important decisions and time to implement them. For more
information, see
RDBMS Synchronization, page 9-25
•
CSUtil.exe—The CSUtil.exe command-line utility provides a simple means
of creating basic user accounts. When compared to RDBMS Synchronization,
its functionality is limited; however, it is simple to prepare for importing
basic user accounts and assigning users to groups. For more information, see
Appendix D, “CSUtil Database Utility”
•
Database Replication—Database Replication creates user accounts on a
secondary Cisco Secure ACS by overwriting all existing user accounts on a
secondary Cisco Secure ACS with the user accounts from the primary