...
In this remote authentication process, NIOS sends an authentication request to a RADIUS server group. This is controlled by CC/FIPS mode. To configure a RADIUS authentication server group, from the Administration tab -> Authentication Server Groups tab, click the Add icon in the RADIUS Services subtab, and specify the details in the Add RADIUS Authentication Service wizard. For more information, see Authenticating Admins Using RADIUS.
...
Note: Do not use the RADIUS authentication method when you operate in the FIPS mode.
...
LDAP
NIOS authenticates admin accounts by verifying user names and passwords against LDAP. If you select SSL as the encryption type for LDAP, then the prefix of the LDAP URL is set to ldaps. Otherwise, it is set to ldap. To set encryption type for an LDAP server group, from the Administration tab -> Authentication Server Groups tab, click the Add icon in the LDAP Services subtab, and specify the details in the Add LDAP Authentication Service wizard. When you enable the common criteria mode, LDAP sets minimal TLS protocol to TLS 1.0 and TLS cipher suites to the following: '-ALL:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA':. For more information, see Authenticating Admins Using LDAP.
...
TACACS+ provides separate authentication, authorization, and accounting services. This is controlled by CC/FIPS mode. You can configure a custom service, infoblox, on the TACACS+ server, and then define a user group and specify the group name in the custom attribute infoblox-admin-group. To configure a TACACS+ authentication server group, from the Administration tab -> Authentication Server Groups tab, click the Add icon in the TACACS+ Services subtab, and specify the details in the Add TACACS+ Service wizard. For more information, see Authenticating Admin Accounts Using TACACS+ .
...
Note: Do not use the TACACS+ authentication method when you operate in the FIPS mode.
...
Two-factor authentication
...