Adding Global Shared Credentials

There are five of Shared Credentials:
  • Account
  • Privilege password
  • SNMP V1/V2c
  • SNMP v3
  • RSA
To import credentials in bulk, see Command Line Interface for more information.

Creating Shared Credential - Account Class

To Create a shared credential with the class type of Account, follow these steps:
  1. From the menu bar, select
    Tools -> System Administration
    .
  2. Next, select
    Global ->
    Credentials. 
      
    The
    Global
    Shared Credentials window displays with a listing of pre-assigned, shared credentials.  At the bottom of the window are the View Associations, Roll, Add, Edit, and Remove buttons, along with the Close option.      
  3. Click
    Add
    to display the Add Credential window.
    You can also Copy the Shared Credential using the Copy button.
  4. Enter the
    Credential Name
    .
  5. From the
    Credential Type
    section, select
    Account
    type from the options shown (using the drop-down arrow to display your selection).
    Depending on the credential type you select, additional information is displayed in the lower portion of the window. For example, when you select Account as the credential type, additional fields display where you enter information. See Unique Credentials for more information.
    Credentials provide you the option to generate unique, random passwords of user definable length when using the Generate button.    
  6. Complete the following steps:
    • Enter the
      User Name
      .
    • Enter a
      Password
      . Confirm the Password.
    • Select the check box if this account is managed by an external authentication server.
  7. Click
    OK
    when you have completed these steps.
Creating Shared Credential - Privilege Password Class
With the
Network Shared Credentials
window displayed showing a listing of pre-assigned, shared credentials:
  1. Click
    Add
    to display the Add Credential window.
  2. Enter the
    Credential Name.
  3. From the
    Credential Type
    section, select
    Privilege Password
    from the options shown (using the drop-down arrow). See Unique Credentials for more information.
    To use Unique passwords per device, creating a Unique Credential eases the deployment of device passwords. A Unique credential is a placeholder that tells the system there are unique individual passwords on each device associated with the credential. Unique credentials have no passwords stored with them, but create a different password for each device associated with them. Unique credentials must be coupled with an update to devices.
     
  4. Enter a
    Password
    . Confirm the Password you just entered. You can also click the
    Secure
    check box, then click
    Generate
    to have the application generate a system-only-known password. Secure passwords will generate the appropriate enable-secure command when used to update a Cisco IOS device. 
  5. Click
    OK
    when you have completed these steps.
  Creating Shared Credential - SNMP v1/v2c
With the
Network Shared Credentials
window displayed showing a listing of pre-assigned, shared credentials:
  1. Click
    Add
    to display the Add Credential window.
  2. Enter the
    Credential Name.
  3. From the
    Credential Type
    section, select
    Community String
    from the options shown (using the drop-down arrow). See Unique Credentials for more information.
  4. Complete the following steps for the
    Read-Only
    section:
    • Enter the Community String.
    • Confirm the Community String entered.
  5. Complete the following steps for the
    Read-Write
    section:
    • Enter the Community String.
    • Confirm the Community String entered.
  6. Click
    OK
    when you have completed these steps.
Creating Shared Credential - SNMP v3
With the
Network Shared Credentials
window displayed showing a listing of pre-assigned, shared credentials:
  1. Click
    Add
    to display the Add Credential window.
  2. Enter the
    Credential Name.
  3. From the
    Credential Type
    section, select
    SNMP v3
    from the options shown (using the drop-down arrow). See Unique Credentials for more information.
When
SNMP v3
is selected as the Credential Type, the information you need to select and enter is divided between two tabs;
Security
and
Context
.
  • From the
    Security
    tab, complete the following steps:
  • Enter a User Name
  • From the drop-down arrow, select Security Level. Depending on the Security Level you select, Authentication Protocol and Privacy Protocol may not be selectable.
  • From the drop-down arrow, select a Authentication Protocol (if appropriate).
  • From the drop-down arrow, select a Privacy Protocol (if appropriate).
    You can select
    AES192W3DESKEYExt
    and
    AES256W3DESKEYExt
    protocols, only for the Cisco specific device(s).
  • Enter an Authentication Password, then re-enter the password.
  • Enter a Privacy Password, then re-enter the password. Note that you can click Generate to have Network Configuration Manager create passwords for you.
  • Once your passwords are verified, click
    Ok
    .
 
Mibs refer to Management Information Bases, and Oids refer to Object Identifiers.
  • From the
    Context
    tab, compete the following steps:
  • Enter the Context Name
  • Enter the Context Engine ID
  • Enter a User Group Name
  • Enter a View Name
  • Select a View Access from the drop-down arrow
  • Enter the Mibs/Oids you want included
  • Enter the Mibs/Oids you want to be excluded from these credentials
  • Click
    Ok
    to keep your selections
Creating Shared Credential - RSA
With the Network Shared Credentials window displayed showing a listing of pre-assigned, shared credentials:
  1. Click Add to display the Add Credential window.
  2. Enter the Credential Name.
  3. From the Credential Type section, select RSA from the options shown (using the drop-down arrow). See Unique Credentials for more information.
  4. Assign RSA tokens using the steps in the Assigning RSA Tokens section below.
  5. Set the PINs for the RSA tokens using the steps in the Setting RSA Token PINs section below.
  6. Click OK when you have completed these steps.
 
Assigning RSA Token
  1. Select
    Assign RSA Tokens
    . The Assign RSA Tokens window pens.
  1. The Available RSA Tokens column is a list of all unassigned RSA tokens. Select the
    RSA
    tokens to which the user or group will have permissions.
    A sequence of RSA tokens can be selected by holding down the Shift-key while clicking RSA tokens. Or, multiple, non-sequential RSA tokens can be selected by holding the Ctrl key while clicking the RSA token.
  2. When you have finished selecting RSA tokens, click
    Add
    or
    Add all
    .
  3. If you are unassigning RSA tokens, in the Assigned RSA Tokens column, select the
    RSA tokens
    to which the user will no longer be associated, then click
    Remove All
    .
  4. Once you have completed selecting the RSA tokens for the user, click
    OK
    . The Assign RSA Tokens window closes.
  5. You can now proceed with setting RSA token PINs for the user or group.
Setting RSA Token PINs
  1. From the list of RSA tokens, select an
    RSA token
    . RSA tokens that have not had the PIN set, show as Required under the PIN column.
  2. At the bottom of the Manage RSA Tokens pane, select
    Set PIN
    . The Set PIN window (for the user you selected) now opens.
 
  1. At the Set PIN screen, enter a
    valid PIN
    in the New PIN field.
  2. Enter the PIN again in the
    Confirm PIN
    field.
  3. Click
    Ok
    .