I'm not sure I understand your last sentence as it relates to your question, but you are correct. As long as the device is a client of the ACS server, and the device is properly configured to use that ACS server, authentication and authorization will work. If you change the client entry for the device in ACS, make sure you retain the same secret key.
As long as the ACS admin user specified in LMS has FULL admin privileges in ACS, then you're fine in terms of integration.
If you are asking about a CiscoWorks admin user that is different from the admin user in ACS, that is fine as well. The keys to remember that are vital for ACS integration to work are that the ACS admin user you specify in LMS must have full administrative rights to ACS, and the CiscoWorks System Identity User must exist in ACS and have full CiscoWorks rights for all applications.
As long as those two things are good, then the users you create in ACS for use in CiscoWorks should be fine.
The multi-server user is the same as the System Identity User. This can be different from the actual admin user that a person would use to log in to CiscoWorks. The key is that both of these users need to have full CiscoWorks rights in ACS. This is done by creating a custom role under Shared Profile Components in ACS. This is documented in that write-up I pointed you to. Basically, you want a role that gives all access (i.e. all boxes checked) to every component in each of the LMS applications.
Then, assign that role to the group (or groups) that will contain your admin user and your System Identity User. Be sure to assign that role for all LMS applications.
To verify the ACS admin user that you specified in LMS has full ACS rights, go to Administration Control in ACS, and click on that username. In the screen that follows, EVERY box must be checked. If so, then that user is a full ACS admin user.