ACS 5.2 expiration date per internal user

d.muccillo · ‎05-03-2011

Migrating from 4.2 to 5.2 acs and have noticed there is no expiration date per internal user added. We expire users at different times due to their time on site. Does anyone know if there is something that has to be added to get back this basic feature we had before?

Nixter · ‎06-02-2011

We also have the same problem regarding user expiration. A useful feature of ACS 4.2 (and lower) but it is no longer available with 5.x, it is very dissappointing.

christempleton · ‎09-13-2011

You no longer require to add an expiration date to a user. This is handled in the access policies section.

You would need to setup an expiration time/date policy in the policy elements / session conditions. Once you've done this you would add a test for that user in the policies section under exceptions to deny that user if the date is passed.

d.muccillo · ‎12-12-2011

I have tried to do this. Currently I have an attribute for Internal Users that i called Expiration Date.. I wanted to set the policy something like if the Internal user attribute Expiration Date is greater than the system date then deny access but I cannot. The system date is time and date so it does not match...for the dictionary attribute i created called Expiration date i cannot set it to be a time and date. Can you advise a little deeper how this can be done?

Nicolas Darchis · ‎11-21-2011

That feature is in acs 5.3 !

d.muccillo · ‎12-12-2011

I see the feature in 5.3 but i see it as a global setting which would affect all internal users. There are different expiration dates per internal user. How does this help?

Martin Kyrc · ‎11-22-2012

solution is upgrade to version 5.4:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/release/notes/acs_54_rn.html#wp250930

--

martin