Adding TACACS+ user groups - BlueCat Integrity - 9.3.0

Address Manager Administration Guide

Locale
English
Product name
BlueCat Integrity
Version
9.3.0

Address Manager TACACS+ Groups allow users from TACACS+ systems to log in to Address Manager. Use TACACS+ Groups when you already have users defined in another TACACS+ system and you don't want to re-create and maintain those users in Address Manager.

When users from a TACACS+ group log in to Address Manager, they're automatically added to the Users list, and the TACACS+ User column indicates that the users are TACACS+ users. Unlike standard Address Manager users, you don't need to create the user in Address Manager before the user can log in. After manually creating a TACACS+ user group, any users you add to the TACACS+ group on your TACACS+ server can log in to Address Manager.

You can assign access rights to the TACACS+ group, and you can assign access rights to individual TACACS+ users. If you have several TACACS+ groups with differing access rights, and a user belongs to multiple groups, or if you apply access rights to a user in addition to those that the user inherits from the TACACS+ group, the user receives the most permissive access rights.

Note: You can't assign TACACS+ users to standard Address Manager user groups.
Note:
  • Before creating TACACS+ groups, you must set up one or more TACACS+ authenticators. For information on adding authenticators, refer to Adding external authenticators.
  • You can only edit a TACACS+ Group name after you create it. To make changes to other parameters of a TACACS+ group, delete the group and then re-create it.

To add a TACACS+ Group:

  1. Select the Administration tab. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Administration page.
  2. Under User Management, click Users and Groups.
  3. Click the Groups tab.
  4. Under Groups, click New, and then select TACACS+ Group.
  5. Under TACACS+ Group, define the following parameters:
    • TACACS+ Authenticator—select the TACACS+ authenticator from the drop-down list.
    • TACACS+ Group Name—type a descriptive name for the TACACS+ authenticator group.
  6. Under Change Control, add comments, if required.
  7. Click Add.