Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Time Based Authorization/Authentication on devices :: ACS 5.4

Hi,

Do we have any option where we can allow config access to a particular external/internal user for certain time period. Time based device access.

We've External Identity Store in our environment where user got authenticated via LDAP server.

For Example - There is a user 'X'. I want to grant him config access on devices from 8:00 AM to 11:00 PM daily. After that he should only has Read Only access on the devices.

Please let me know if any other information is required from my side.

My ACS Ver is 5.4

Regards,

SYED

1 REPLY

Re: Time Based Authorization/Authentication on devices :: ACS 5.

  Hi,        

Yes. You need to create a date and time policy condition.

Policy Elements -> Session Conditions -> Date and Time.

You can specify the time there and then you can use the one you created in the authorization policy.

For example, you configure the date time condition to be from 8000 - 2300.

Then you go to the authorization policy and configure if it matches the date time instance then return a authorization profile (read write). otherwise (if not matching) return the authorization profile (read only).

(use shell profile instead if you are using TACACS+).

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
309
Views
0
Helpful
1
Replies
CreatePlease to create content