
Authenticating Administrators

The NIOS appliance supports the following authentication methods: local database, RADIUS, Active Directory, LDAP, TACACS+, and SAML. The appliance can use any combination of these authentication methods. It authenticates admins against its local database by default. Therefore, if you want to use local authentication only, you must configure the admin groups and add the local admin accounts, as described in Creating Local Admins.

Depending on where admin user credentials are stored, you can configure the NIOS appliance to authenticate admins locally, remotely, or using SAML. When you configure the authentication type as "local," NIOS authenticates admins against its local database. When you configure the authentication type as "remote," NIOS authenticates admins whose user credentials are stored remotely on authentication servers, such as RADIUS servers, AD domain controllers, LDAP servers, or TACACS+ servers. When you configure the authentication type as "SAML Only," NIOS authenticates admins against their user credentials in the IDP (Identity Provider).

Note the following when you configure the remote authentication type for local admins:

  • You cannot define two local admins that have the same name and belong to different authentication server groups.
  • Only superusers can modify the authentication type for other admin accounts.
  • At least one superuser account must use the remote authentication type.

To authenticate admins using RADIUS, Active Directory, TACACS+, or LDAP in addition to local authentication, you must define those services on the appliance and define the admin authentication policy. For information, see About Remote Admins. To authenticate admins using SAML, see Authenticating Admins Using SAML.

NIOS also supports two-factor authentication where it authenticates the following:

  1. Administrators through the admin authentication policy.
  2. Admin client certificates through the certificate authentication service.

Note

If you are using remote authentication, you must always have at least one local admin in a local admin group to ensure connectivity to the NIOS appliance in case the remote servers become unreachable.
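
The constraints in the list and the note above can be checked against an admin inventory before authentication types are changed. The following Python check is an added example, not Infoblox code; the record layout and its field names (`auth_type`, `superuser`, `local_group`, `server_group`) are hypothetical, not a NIOS export format, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample inventory. The field names are hypothetical and do not
# correspond to a NIOS export or API schema.
SAMPLE_ADMINS = [
    {"name": "jdoe", "auth_type": "remote", "superuser": True,
     "local_group": None, "server_group": "radius-grp"},
    {"name": "jdoe", "auth_type": "remote", "superuser": False,
     "local_group": None, "server_group": "ldap-grp"},
    {"name": "breakglass", "auth_type": "local", "superuser": True,
     "local_group": "admin-group", "server_group": None},
]


def audit_admins(admins):
    """Return (rule_id, detail) findings for the constraints on this page."""
    findings = []
    remote = [a for a in admins if a["auth_type"] == "remote"]

    # The same admin name must not appear under different
    # authentication server groups.
    groups_by_name = defaultdict(set)
    for a in remote:
        groups_by_name[a["name"]].add(str(a["server_group"]))
    for name in sorted(groups_by_name):
        if len(groups_by_name[name]) > 1:
            findings.append(("duplicate-name", name))

    if remote:
        # At least one superuser account must use the remote type.
        if not any(a["superuser"] for a in remote):
            findings.append(("no-remote-superuser", ""))
        # With remote authentication in use, at least one local admin in a
        # local admin group must remain, so the appliance stays reachable
        # when the remote servers are not.
        has_fallback = any(
            a["auth_type"] == "local" and a["local_group"] for a in admins
        )
        if not has_fallback:
            findings.append(("no-local-fallback", ""))
    return findings


if __name__ == "__main__":
    for rule, detail in audit_admins(SAMPLE_ADMINS):
        print(rule, detail)
```
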