
Defining the Authentication Policy

The authentication policy defines which authentication services the appliance uses to authenticate admins and lists the local admin groups that map to the remote admin groups.
By default, the appliance provides the "Local Admin" service for authenticating users against the local database. You cannot modify or delete this default service.

Configuring a List of Authentication Services

To enable the Multi-Grid Master to use multiple authentication services, you must define a prioritized list of services as follows:

  1. From the Administration tab, select the Administrators tab -> Authentication Policy tab.
  2. From the Authenticate users against these services in this order section, click the Add icon to add an authentication service.
  3. Select one of the following in the Add Authentication Service section:
    • RADIUS: Select this to add the RADIUS authentication service, and then select a service from the drop-down list.
    • Active Directory: Select this to add the AD authentication service, and then select a service from the drop-down list.
    • TACACS+: Select this to add the TACACS+ authentication service, and then select a service from the drop-down list.
  4. Click Add.

You can reorder the list by selecting an authentication service and moving it up or down the list using the arrow keys.

Configuring a List of Remote Admin Groups

In order for the appliance to assign a remote admin to the correct group, you must list the admin groups in the local database that match the remote admin groups. You can also define a default admin group to which the appliance assigns remote users with no admin groups listed.
The appliance matches a remote admin to a group in the order the groups are listed. When the appliance receives information that an admin belongs to one or more groups, it assigns the user to the first group in the list that matches. The appliance assigns the admin to the default group, if one is specified, in either of two cases: the domain controller or the RADIUS server returns no groups, or the appliance does not find a group in the local database that matches the group returned by the authentication server.
To configure the remote admin group list:

  1. From the Administration tab, select the Administrators tab -> Authentication Policy tab.
  2. From the Map the remote admin group to the local group in this order section, click the Add icon.
  3. In the Admin Group Selector dialog box, select an admin group, and then click the Select icon. Use Shift+click and Ctrl+click to select multiple admin groups.

You can reorder the list by selecting an admin group and using the arrow keys to move it up or down the list.
To assign a user to a specific admin group if the remote admin group is not found, select Assign User to this Group if Remote Admin Group cannot be found, and then click Select. In the Admin Group Selector dialog box, select an admin group, and then click the Select icon.
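
The matching rule described above (first listed group wins, with an optional default) can be modeled offline to review a planned list order before applying it. This is an added example, not code from the appliance or its vendor; the function names, group names and sample admins are constructed, and exact-match name comparison is an assumption.

```python
from typing import Dict, Iterable, List, Optional, Sequence

# Constructed sample data: these group names are illustrative, not from the page.
LOCAL_GROUP_ORDER = ["dns-admins", "net-ops", "read-only"]
SAMPLE_ADMINS = {
    "alice": ["read-only", "dns-admins"],  # member of two mapped groups
    "bob": ["contractors"],                # group with no local match
    "carol": [],                           # server returned no groups
}


def resolve_admin_group(remote_groups: Iterable[str],
                        local_group_order: Sequence[str],
                        default_group: Optional[str] = None) -> Optional[str]:
    """Return the first group in the configured list that the server also returned.

    Falls back to default_group when nothing matches. Returns None when there is
    no match and no default; the page does not say what the appliance does then.
    Names are compared exactly (an assumption of this model).
    """
    returned = set(remote_groups)
    # Precedence comes from the configured list, not from the server's reply order.
    for group in local_group_order:
        if group in returned:
            return group
    return default_group


def audit_mapping(admins: Dict[str, List[str]],
                  local_group_order: Sequence[str],
                  default_group: Optional[str] = None) -> Dict[str, dict]:
    """Per admin: the assigned group, matches that lost on order, default use."""
    report = {}
    for name, remote in admins.items():
        matches = [g for g in local_group_order if g in set(remote)]
        report[name] = {
            "assigned": resolve_admin_group(remote, local_group_order, default_group),
            "shadowed": matches[1:],
            "via_default": not matches and default_group is not None,
        }
    return report


if __name__ == "__main__":
    for admin, row in audit_mapping(SAMPLE_ADMINS, LOCAL_GROUP_ORDER, "read-only").items():
        print(admin, row)
```

The `shadowed` and `via_default` fields are the ones to review: they show which admins would receive a different group if the list were reordered, and which receive a group only because a default is set.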