Solved: User Account Question

burgessf · ‎02-07-2014

I have an ASA 5520, and we are undergoing an audit. Is there a way to view a list of users/accounts? I am tasked with reporting all users who's credentials will login to the ASA. All such users are in Active Directory, but I was advised that the "anyconnect group" is a catch-all group that will not be accurrate.

Poonam Garg · ‎02-08-2014

Hi Burgessf,

To view all user accounts locally created on ASA , go to ASDM--->Device Management--->Configuration-->Users/AAA-----> User Accounts.

Also if Active Directory is integrated for user authentication, then see which OU is specified under base DN attributes. ASA can query only that OU for user authentication.

Device Management-->Configuration----->AAA server Group--->Servers in the selected Group--->Select AD server------>Edit----> Base DN----->OU= what ever OU specified there.

All users specified in that OU can login to the device but they may have different level of authorization.

View solution in original post

Poonam Garg · ‎02-08-2014

Hi Burgessf,

To view all user accounts locally created on ASA , go to ASDM--->Device Management--->Configuration-->Users/AAA-----> User Accounts.

Also if Active Directory is integrated for user authentication, then see which OU is specified under base DN attributes. ASA can query only that OU for user authentication.

Device Management-->Configuration----->AAA server Group--->Servers in the selected Group--->Select AD server------>Edit----> Base DN----->OU= what ever OU specified there.

All users specified in that OU can login to the device but they may have different level of authorization.

burgessf · ‎02-11-2014

Poonam,

Thank you, your advice helped me greatly.