
Defining Authentication Services

In all cases, configuring authentication protocols for the NetMRI appliance requires creating one or more authentication services on the Settings icon > General Settings > Authentication Services page:

  • Local: The appliance's local user account authentication database, containing user login verification, Role and privilege assignments, and device group assignments. The Local service is the default and cannot be removed from the system. If no other services are available, users will be requested to log in using local credentials, which must also be configured by the administrator on the NetMRI appliance. For many deployments, the Local service should always be kept as the highest-priority service.

  • Active Directory: Allows NetMRI to use an Active Directory server or servers for external admin account verification and remote group authorization.

  • LDAP: Enables NetMRI to use a Lightweight Directory Access Protocol server or servers for external admin account verification and remote group authorization.

  • RADIUS: Allows NetMRI to use a RADIUS server or servers for external admin account verification and remote group authorization.

  • TACACS+: Allows NetMRI to use a TACACS+ server or servers for external admin account verification and remote group authorization.

  • SAML: Enables NetMRI to use a SAML server to authenticate users with their organization's single sign-on.

  • OCSP: Allows the verification of client CA certificates.

The following information is in the Authentication Services table:

  • Priority: The service's priority in the services list, which sets the order in which NetMRI uses the services. By default, the Local service retains the priority level of 1, placing it first in the Services list.

  • Name: The name of the service, defined by the administrator.

  • Service: The authentication service type: Local, Active Directory, LDAP, RADIUS, TACACS+, SAML, or OCSP.

  • Status: This field will show Active or Disabled. A service is disabled or enabled by user choice, or is disabled automatically if no authentication server is defined for the service.

  • Authorization: This field will show Active or Disabled. The authorization capability is disabled or enabled by user choice, or is disabled automatically if the service does not have a remote group assigned to the local Roles that are defined on NetMRI. When authorization is disabled, the user must be defined locally and associated with Roles and device groups on the appliance, but their login credentials will be checked by the remote server.

  • Description: A description of the service, defined by the administrator.