Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

After you have enabled access authentication and synchronized user groups, you can further control authentication by configuring authentication modes for address scopes to which certain users or devices belong. Using authentication mode provides you with the flexibility of mandating authentication for certain users while allowing others to bypass authentication.

You start by creating an IP space you use to associate with an on-prem host that has the Access Authentication service enabled. You then configure address blocks or subnets in the IP space and tag the address scopes with the predefined tag of “IB_Onprem_AuthN” and provide either “Exclude” or “Include” as the key value. You can then go to the on-prem host with which you have associated the IP space, so you can configure authentication modes for the address scopes you created.

To configure authentication modes, complete the following:

  1. From the Cloud Services Portal, go to Manage > IPAM/DHCP.

  2. On the Address Spaces page, click Create > IP Space to create an IP space to which you add address blocks or subnets, as described in Configuring IP Spaces .

  3. On the Address Spaces page, click Create > Address Blocks or Create > Subnets to add an address scope to the newly created IP space, as described in Creating Subnets . Ensure that you do the following when creating an address block or subnet:

    • Choose the IP space you just created.

    • Choose the on-prem host you want to associate with the IP space. Ensure that the on-prem host has the Access Authentication service enabled. For information, see Enabling and Disabling Services on On-Prem Hosts .

    • Add the “IB_Onprem_AuthN” key tag and enter “Exclude” as the key value if you want to exclude from the address block from authentication or enter “Include” to include the address scope for authentication. For information, see Managing Tags .

  4. After you have successfully created the IP space and address scopes, go to Manage >On-Prem Hosts.

  5. Select the on-prem host that you have associated with the IP space, and then click Service > Access Authentication > Configure.

  6. In the Configure Access Authentication dialog, scroll down and choose the address scope from the table, and then complete the following. The table displays address scopes you have configured.

    • Tagged Authentication Mode,: Choose one of the following mode for the chosen address block:  

      • Disabled: The tagged authentication control is disable. All clients must be authenticated. 

      • Exclusions: Clients from the address scopes tagged for exclusion will bypass authentication. Other clients outside of the address scopes must be authenticated. 

      • Inclusions: Clients from the address scopes tagged for inclusion must be authenticated. Other clients will bypass authentication.

      • Both: Clients from the address scopes tagged for inclusion and clients from untagged address scopes must be authenticated. Clients from the scopes tagged for exclusion will bypass authentication. 

  7. Click Save & Close.

  • No labels