cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

116
Views
0
Helpful
2
Replies
Highlighted
Beginner

How to restrict the changeuserpassword role in ACS? (5.8)

I have many users in the ACS that are used by a site-to-site VPNs, they are VPNs from different customers. I would like my customers to be able to change their users passwords by themselves. I am able to create the changeuserpassword role in the ACS, but it has access to change any users password. Is there a way that I can restrict the administrator so it can only change (and see), the passwords of SOME of the users?

thanks!!

Everyone's tags (1)
2 REPLIES 2
Highlighted
Cisco Employee

Hi,

Hi,

In ACS you have option to allow conditions to check prior to assign the requisite role. Conditions can be AD external group, Administration client IP, etc. 

System AdministrationAdministrators > Administrative Access Control > Authorization.

However, there is no such option where user can have access to some user for changing their password by administrator.

Also there is a feature called UCP.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-8/user/guide/acsuserguide/introd.html

The UCP web service allows you to authenticate an internal user and change the internal user password. You can use this web service interface to integrate ACS with your in-house portals and allow users in your organization to change their own passwords.

The UCP web service allows only the users in your organization to change their passwords. They can do so on the primary or secondary ACS servers.

Let me know if you have any queries.

Regards

Gagan

Highlighted
Cisco Employee

Hi,

Hi,

Any queries!!!

Regards

Gagan

PS: please rate if it helps