About user accounts
The VCS has two types of user account for normal operation:
n
Administrator accounts
: used to configure the VCS.
n
FindMe accounts
: used by individuals in an enterprise to configure their FindMe profile. They can also be
used to enable basic device provisioning when the
Starter Pack
option key is installed.
Note that FindMe account configuration via VCS does not apply if the VCS is using the
TMS Provisioning
Extension services
to provide FindMe data.
Account authentication
Administrator and FindMe accounts must be authenticated before access is allowed to the VCS.
VCS can authenticate accounts either locally or against a remote directory service using LDAP (currently,
only Windows Active Directory is supported), or it can use a combination of local and remotely managed
accounts. The remote option allows administration groups to be set up in the directory service for all VCSs in
an enterprise, removing the need to have separate accounts on each VCS.
See
Configuring remote account authentication using LDAP [p.265]
and
Authenticating VCS Accounts using
LDAP Deployment Guide
for more information about setting up remote authentication.
If a remote source is used for either administrator or FindMe account authentication, you also need to
configure the VCS with:
n
appropriate LDAP server connection settings
n
administrator groups and/or FindMe groups that match the corresponding group names already set up in the
remote directory service to manage administrator and FindMe access to this VCS (see
Configuring
administrator groups [p.268]
and
Configuring FindMe groups [p.270]
)
The VCS can also be configured to use
certificate-based authentication
. This would typically be required if
the VCS was deployed in a highly-secure environment.
Account types
Administrator accounts
Administrator accounts are used to configure the VCS.
n
The VCS has a default
admin
local administrator account with full read-write access. It can be used to
access the VCS using the web interface, the API interface or the CLI. Note that you cannot access the
VCS via the default
admin
account if a
Remote only
authentication source is in use.
n
You can add additional local administrator accounts which can be used to access the VCS using the web
and API interfaces only.
n
Remotely managed administrator accounts can be used to access the VCS using the web and API
interfaces only.
You can configure the complexity requirements for local administrator passwords on the
Password security
page (
Users > Password security
). All passwords and usernames are case sensitive.
Note that:
Cisco VCS Administrator Guide (X8.1.1)
Page 260 of 507
User accounts
About user accounts