Address Manager TACACS+ Groups allow users from TACACS+ systems to log in to Address Manager. Use TACACS+ Groups when you already have users defined in another TACACS+ system and you don't want to re-create and maintain those users in Address Manager.
When users from a TACACS+ group log in to Address Manager, they're automatically added to the Users list, and the TACACS+ User column indicates that the users are TACACS+ users. Unlike standard Address Manager users, you don't need to create the user in Address Manager before the user can log in. After manually creating a TACACS+ user group, any users you add to the TACACS+ group on your TACACS+ server can log in to Address Manager.
You can assign access rights to the TACACS+ group, and you can assign access rights to individual TACACS+ users. If you have several TACACS+ groups with differing access rights, and a user belongs to multiple groups, or if you apply access rights to a user in addition to those that the user inherits from the TACACS+ group, the user receives the most permissive access rights.
- Before creating TACACS+ groups, you must set up one or more TACACS+ authenticators. For information on adding authenticators, refer to Adding external authenticators.
- You can only edit a TACACS+ Group name after you create it. To make changes to other parameters of a TACACS+ group, delete the group and then re-create it.
To add a TACACS+ Group: