cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

976
Views
0
Helpful
6
Replies
Highlighted
Beginner

ACS 5.1 default setting

Does anyone know if the following setting is a shipping default in the ACS 5.1? thanks

In the Access Policies ->Network Device Admin -> Identity -> Advanced Options, the If user not found was set to “Continue” .

3 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted
Rising star

It is not. By default upon installation the setting for this is Reject

When new rules are added to an identity policy the setting is similarly set to Reject. In order to change this need to expand the Advanced Options and choose your desired setting

View solution in original post

Highlighted

The best you can do is the following

- Go to "Launch Monitoring & Report Viewer" and then select "Monitoring & Reports > Reports > Catalog > ACS Instance"

- Select radio button and then Run->Qery and Run

- In object type enter "Access Service" and in Object Name set to "Default Device Admin"

You will be able to see who made and changes and when. Note it does not give the details of the specific change since policy is a complex data object with multiple rules, ordering etc

View solution in original post

Highlighted

Do the following:

- Go to "Launch Monitoring & Report Viewer"

- in navigation select "Monitoring & Reports > Reports > Catalog > ACS Instance"

- Select radio button next to "ACS_Configuration_Audit" and in bottom left select arrow on button called "Run" and then "Query and Run" option

- In object type enter "Access Service" and in Object Name set to "Default Device Admin" and then select "Run"

View solution in original post

6 REPLIES 6
Highlighted
Rising star

It is not. By default upon installation the setting for this is Reject

When new rules are added to an identity policy the setting is similarly set to Reject. In order to change this need to expand the Advanced Options and choose your desired setting

View solution in original post

Highlighted

Thank you very much jrabinow.!!

Then I'm curious to know whether I can find when the setting was changed? and by whom?

Highlighted

The best you can do is the following

- Go to "Launch Monitoring & Report Viewer" and then select "Monitoring & Reports > Reports > Catalog > ACS Instance"

- Select radio button and then Run->Qery and Run

- In object type enter "Access Service" and in Object Name set to "Default Device Admin"

You will be able to see who made and changes and when. Note it does not give the details of the specific change since policy is a complex data object with multiple rules, ordering etc

View solution in original post

Highlighted

- Select radio button and then Run->Qery and Run

Which radio button should I select? anyone? or the ACS_Configuration_Audit?

Thanks again.

BTW, I did run a report on the ACS_Configuration_Audit but couldn't see anything except my change which was made this morning. I'm assuming the default was set to "Continue"..

Highlighted

Do the following:

- Go to "Launch Monitoring & Report Viewer"

- in navigation select "Monitoring & Reports > Reports > Catalog > ACS Instance"

- Select radio button next to "ACS_Configuration_Audit" and in bottom left select arrow on button called "Run" and then "Query and Run" option

- In object type enter "Access Service" and in Object Name set to "Default Device Admin" and then select "Run"

View solution in original post

Highlighted

Yes, that's what I need. Thanks a lot for your help.

Content for Community-Ad