18-48
User Guide for the Cisco Application Networking Manager 5.2
OL-26572-01
Chapter 18 Administering the Cisco Application Networking Manager
Using an AAA Server for Remote User Authentication and Authorization

c. (Optional) In the Description field, enter a description for the user account.
d. In the Identity Group field, select one of the groups created in Step 3 to associate with the user.
e. Click Submit.

Step 5 From the sidebar menu, choose Policy Elements > Authorization and Permissions > Device Administration > Shell Profiles to create a shell profile for each Identity Group that you created in Step 3. The shell is used to pass the user’s role and domain list to the ANM server.

The Shell Profiles window appears. Do the following:

a. Click the Custom Attributes tab.
b. From the Attribute field, enter the attribute name, which is the ANM unique ID that you configured in the ANM organization on ANM. The ANM unique ID is followed by the role and domain names as a name/value pair (NV Pair) using the following format:

   ANM_UniqueID=RoleName<space>Domain1<space>Domain2 . . .

   For example:

   ANM=Role1 Domain1 Domain2 Domain6

   The ANM_UniqueID variable must match the ANM unique ID that you configured in the ANM organization on ANM (see the “Adding a New Organization” section on page 18-10). This line cannot exceed 254 characters. If you need to use more than 254 characters, add another ANM Unique ID entry to specify the domains associated with the role specified in the first entry (for details, see the Guidelines and Restrictions associated with this topic).
c. Click Add. The attribute name is added to the Manually Entered pane.
d. Click Submit.
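
The NV pair format and 254-character limit from Step 5b can be checked before the value is typed into the shell profile. The Python below is an added example, not part of the Cisco guide or of ANM or ACS; the function names are hypothetical and the sample data is constructed. It assumes the limit applies to the whole "ANM_UniqueID=value" line, that the ID match is exact, and that names are separated by exactly one space.

```python
MAX_LINE = 254  # limit from the guide; assumed here to cover the whole "ID=value" line


def parse_nv_pair(line, expected_id):
    """Validate 'ANM_UniqueID=RoleName Domain1 Domain2 ...'; return (role, domains)."""
    if len(line) > MAX_LINE:
        raise ValueError(f"line is {len(line)} characters, limit is {MAX_LINE}")
    unique_id, sep, value = line.partition("=")
    if not sep:
        raise ValueError("missing '=' between unique ID and value")
    if unique_id != expected_id:  # exact, case-sensitive match is an assumption
        raise ValueError(f"unique ID {unique_id!r} does not match {expected_id!r}")
    fields = value.split(" ")
    if "" in fields:  # strict reading of <space>: exactly one space between names
        raise ValueError("empty field: missing role or extra space")
    return fields[0], fields[1:]


def build_first_entry(unique_id, role, domains):
    """Return (line, leftover): the NV pair plus the domains that did not fit."""
    for name in [role, *domains]:
        if not name or " " in name:
            raise ValueError(f"{name!r} is ambiguous in a space-separated value")
    line = f"{unique_id}={role}"
    if len(line) > MAX_LINE:
        raise ValueError("unique ID and role alone exceed the limit")
    used = 0
    for name in domains:
        if len(line) + 1 + len(name) > MAX_LINE:
            break
        line += " " + name
        used += 1
    return line, list(domains[used:])


if __name__ == "__main__":
    # Constructed sample data: the guide's example plus an oversized domain list.
    print(build_first_entry("ANM", "Role1", ["Domain1", "Domain2", "Domain6"]))
    many = [f"Domain{i:03d}" for i in range(40)]
    line, leftover = build_first_entry("ANM", "Role1", many)
    print(len(line), "characters;", len(leftover), "domains need another entry")
    print(parse_nv_pair(line, "ANM")[0])
```

Domains returned as leftover belong in an additional ANM Unique ID entry; the layout of that entry is described in the Guidelines and Restrictions the step refers to and is not generated here.
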

Related Topics
Managing User Roles, page 18-25
Managing Domains, page 18-32
Adding a New Organization, page 18-10
Using an AAA Server for Remote User Authentication and Authorization, page 18-38
Configuring Remote User Authorization Using Cisco Secure ACS Version 4.2, page 18-48

Configuring Remote User Authorization Using Cisco Secure ACS Version 4.2

You can use Cisco Secure ACS Version 4.2 for configuring a remote server to perform remote authorization of ANM users.

Note: This procedure describes only the ANM-specific attributes for creating user groups and users on Cisco Secure ACS. For information about configuring the other attributes, see the User Guide for Cisco Secure Access Control Server located on Cisco.com.