6-19
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 6 User Group Management
Configuration-specific User Group Settings
Step 4 In the Token Card Settings table, to cache the token for the entire session, select
Session.
Step 5 Also in the Token Card Settings table, to cache the token for a specified time
period (measured from the time of first authentication), follow these steps:
a. Select Duration.
b. Type the duration length in the box.
c. Select the unit of measure, either Seconds, Minutes or Hours.
Step 6 To save the group settings you have just made, click Submit.
For more information, see Saving Changes to User Group Settings, page 6-56.
Step 7 To continue specifying other group settings, perform other procedures in this
chapter, as applicable.
Setting Enable Privilege Options for a User Group
Note If this section does not appear, click Interface Configuration and then click
TACACS+ (Cisco). At the bottom of the page in the Advanced Configuration
Options table, select the Advanced TACACS+ features check box.
Perform this procedure to configure group-level TACACS+ enable parameters.
The three possible TACACS+ enable options are as follows:
• No Enable Privilege—(default) Select this option to disallow enable
privileges for this user group.
• Max Privilege for Any AAA Client—Select this option to select the
maximum privilege level for this user group for any AAA client on which this
group is authorized.
• Define max Privilege on a per-network device group basis—Select this
option to define maximum privilege levels for an NDG. To use this option,
you create a list of device groups and corresponding maximum privilege
levels. See your AAA client documentation for information about privilege
levels.
