Chapter 10 Setting Up and Managing Administrators and Policy
Session Policy
10-16
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
Session Policy
The Session Policy feature controls various aspects of Cisco Secure ACS
administrative sessions. This section contains the following topics:
•
Session Policy Options, page 10-16
•
Setting Up Session Policy, page 10-17
Session Policy Options
You can configure the following options on the Session Policy Setup page:
•
Session idle timeout (minutes)—Defines the time in minutes that an
administrative session, local or remote, must remain idle before
Cisco Secure ACS terminates the connection. This parameter applies to the
Cisco Secure ACS administrative session in the browser only. It does not
apply to an administrative dial-up session.
An administrator whose administrative session is terminated receives a dialog
box asking whether or not the administrator wants to continue. If the
administrator chooses to continue, Cisco Secure ACS starts a new
administrative session.
•
Allow Automatic Local Login—Enables administrators to start an
administrative session without logging in if they are using a browser on the
computer running Cisco Secure ACS. Such administrative sessions are
conducted using a default administrator account named “local_login”. The
local_login administrator account has all privileges. Local administrative
sessions with automatic local login are recorded in the Administrative Audit
report under the local_login administrator name.
Note
If there are no administrator accounts defined, no administrator name and
password is required to access Cisco Secure ACS locally. This prevents you from
accidentally locking yourself out of Cisco Secure ACS.