User authentication methods
Authentication Method elements define the authentication method used by particular authentication servers, and by particular users and user groups.
The SMC and engine supports many internal and external authentication methods.
The following authentication methods can be used to authenticate users:
- Client certificates.
- External authentication provided by servers that support the RADIUS (Remote Authentication Dial-in User Service) protocol.
- External authentication provided by servers that support the TACACS+ (Terminal Access Controller Access Control System Plus) protocol.
- LDAP authentication is used for simple password authentication against external LDAP databases.
- Pre-shared keys (for use with some third-party VPN clients).
- User passwords stored in internal or external LDAP databases.
Note: The user authentication methods are used for authenticating users who connects through the engine, or authenticating VPN client or SSL VPN Portal users.
The following authentication methods can be used to authenticate admin users:
- Client certificates.
- External authentication provided by servers that support the TACACS+ (Terminal Access Controller Access Control System Plus) protocol.
- External authentication provided by servers that support the RADIUS (Remote Authentication Dial-in User Service) protocol.
- LDAP authentication is used for simple password authentication against external LDAP databases.
- OpenID authentication by using an OpenID provider.
- SAML authentication by using a SAML based identity provider.
- User passwords stored in internal or external LDAP databases.
Note:
- The admin user authentication method is for authenticating admin users to grant access to SMC management tools, i.e. via SMC GUI client, or SMC Web Access.
- The SAML and OpenID authentication methods can only be used with the SMC Web Access.