Configuring Security Settings : Configuring general security settings
  
Configuring general security settings
You configure general security settings under Administration > Security: General Settings. These configuration options are available under Authentication Methods:
Authentication Methods
Specifies the authentication method. Select an authentication method from the drop-down list. The methods are listed in the order in which they occur. If authorization fails on the first method, the next method is attempted, and so on, until all of the methods have been attempted.
For RADIUS/TACACS+, fallback only when servers are unavailable
Specifies that the SteelHead falls back to a RADIUS or TACACS+ server only when all other servers don’t respond. This is the default setting. You must select this option if you want a safety account login on AAA servers that are unreachable. When this feature is disabled, the SteelHead doesn’t fall back to the RADIUS or TACACS+ servers. If it exhausts the other servers and doesn’t get a response, it returns a server failure.
Safety Account
Creates a safety account so that admin/sys admin users can login to the SCC even if remote authentication servers are unreachable. A safety account increases security and conforms to Defense Information Systems Agency (DISA) requirements. Only the selected safety account will be allowed to login in cases where the AAA server isn’t reachable. (Only one user can be assigned to the safety account.) You can create a system administrator user in the Administrator > Security: User Permissions page. For details, see About user permissions.
Safety Account User
Specifies the user from the drop-down list.
Authorization Policy
(Appears only for some Authentication Methods.) Specifies one of these policies from the drop-down list:
Remote First—Check the remote server first for an authentication policy, and only check locally if the remote server doesn’t have one set. This is the default behavior.
Remote Only—Checks the remote server.
Local Only—Checks the local server. All remote users are mapped to the user specified. Any vendor attributes received by an authentication server are ignored.
Default User
Specifies the default user from the drop-down list.
Setting RADIUS servers
Configuring TACACS+ access