Address Manager TACACS+ Groups allow users from TACACS+ systems to log in to Address Manager. Use TACACS+ Groups when you already have users defined in another TACACS+ system and you don't want to re-create and maintain those users in Address Manager.
When users from a TACACS+ group log in to Address Manager, they're automatically added to the Users list, and the TACACS+ User column indicates that the users are TACACS+ users. Unlike standard Address Manager users, you don't need to create the user in Address Manager before the user can log in. After manually creating a TACACS+ user group, any users you add to the TACACS+ group on your TACACS+ server can log in to Address Manager.
You can assign access rights to the TACACS+ group, and you can assign access rights to individual TACACS+ users. If you have several TACACS+ groups with differing access rights, and a user belongs to multiple groups, or if you apply access rights to a user in addition to those that the user inherits from the TACACS+ group, the user receives the most permissive access rights.
- Before creating TACACS+ groups, you must set up one or more TACACS+ authenticators. For information on adding authenticators, refer to Adding external authenticators.
- You can only edit a TACACS+ Group name after you create it. To make changes to other parameters of a TACACS+ group, delete the group and then re-create it.
To add a TACACS+ Group:
- Select the Administration tab. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Administration page.
- Under User Management, click Users and Groups.
- Click the Groups tab.
- Under Groups, click New, and then select TACACS+ Group.
Under TACACS+ Group, define the following parameters:
- TACACS+ Authenticator—select the TACACS+ authenticator from the drop-down list.
- TACACS+ Group Name—type a descriptive name for the TACACS+ authenticator group.
- Under Change Control, add comments, if required.
- Click Add.