Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

After you enable the access authentication service on an on-prem host, you must associate the on-prem host with an authentication profile. You can create multiple authentication profiles, but you can only enable one authentication profile for each on-prem host. In addition, you can exclude access authentication for devices and network users located on a separate subnet; to do this, enable or disable specific profiles for exclusion. 

To configure authentication profiles for an on-prem host, complete the following:

  1. From the Cloud Services Portal, click Manage > On-Prem Hosts.  
  2. Select an on-prem host from the list and click Service > Access Authentication > Configure.
  3. In the Configure Access Authentication dialog, click Add and choose an authentication profile from the list. Note that you can only add multiple profiles if they are of different protocol types and you can enable only one profile for each on-prem host. 
  4. To enable or disable a profile for exclusion, select a tagged IP space from among the list of available IP spaces. Next, choose a Tagged Authentication Mode from the following:  
    • Disabled: Tagged authentication control is disabled. All clients must authenticate use. 
    • Exclusions: Clients from the address scopes are tagged for exclusion bypass authentication. Other clients must authenticate. 
    • Inclusions: Clients from the address scopes tagged for inclusion must authenticate. Other clients bypass authentication.
    • Both: Clients from the address scopes tagged for inclusion or from untagged scopes must authenticate. Clients from the scopes tagged for exclusion bypass authentication. 
  5. Click Save & Close.

Access Authentication Exclusions

Access authentication exclusion is used to bypass the authentication process for desired devices. This is useful for devices which cannot otherwise be authenticated. By adding these devices to a subnet or to an IP address or IP addresses within a block, and then excluding the subnet or IP addresses from the authentication process, the devices are excluded from going through the authentication process.

Access authentication exclusions based on subnets or individual IP addresses require configuring an IP space and the assigning of a tag in order to to function. When Tagged Authentication Mode is set to Exclusions mode, the subnet or  IP addresses within the IP address block tagged for exclusion bypass authentication will be exempted from the access authentication process. 

For information about access authentication, see Managing Access Authentication.

  • No labels