You can authenticate administrators and Web Portal users using RADIUS or TACACS+ authentication methods.
Before you begin
You must have an external authentication server that provides RADIUS or TACACS+ authentication methods.
The Management Server’s internal user database does not allow external authentication servers to query the administrator account information. To use external authentication, you must manually create an account both in the Secure SD-WAN Manager for defining the permissions and in the external directory for logon authentication. The administrator’s user name for the Management Server and for the directory that the external authentication server uses must match exactly.
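The exact-match requirement can be checked before any account is switched to external authentication. The following is an added example, not part of the product documentation: it compares two name lists and reports names that differ only by case, surrounding whitespace, or Unicode normalization. The sample lists are constructed, and obtaining the real lists from the Management Server and the directory is assumed to be done separately.

```python
import unicodedata


def _fold(name):
    """Normalise a name for near-miss detection only, never for the real comparison."""
    return unicodedata.normalize("NFKC", name).strip().casefold()


def check_admin_names(manager_names, directory_names):
    """Classify each Management Server administrator name against the directory.

    Returns {name: (status, candidates)} where status is "exact" (byte-for-byte
    match), "near-miss" (a directory name differs only in case, whitespace or
    Unicode form) or "missing" (no comparable directory account).
    """
    directory = set(directory_names)
    folded = {}
    for entry in directory_names:
        folded.setdefault(_fold(entry), []).append(entry)

    report = {}
    for name in manager_names:
        if name in directory:
            report[name] = ("exact", [name])
        elif _fold(name) in folded:
            report[name] = ("near-miss", folded[_fold(name)])
        else:
            report[name] = ("missing", [])
    return report


# Constructed sample data (hypothetical account names).
MANAGER_ADMINS = ["jsmith", "A.Keller", "ops-admin ", "ren\u00e9e", "backup"]
DIRECTORY_USERS = ["jsmith", "a.keller", "ops-admin", "rene\u0301e", "svc-radius"]

if __name__ == "__main__":
    results = check_admin_names(MANAGER_ADMINS, DIRECTORY_USERS)
    for name, (status, candidates) in results.items():
        print(f"{name!r:14} {status:10} {candidates!r}")
```

Only names reported as "exact" satisfy the requirement; a "near-miss" needs one of the two accounts renamed, and a "missing" name needs a directory account created.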
For more details about the product and how to configure features, click Help or press F1.
Steps
- Add one of the following types of server elements to integrate the external server, then define the shared secret used in the communications in the server element.
  - Add a RADIUS Authentication Server element, then add a RADIUS Authentication Method.
  - Add a TACACS+ Authentication Server element, then add a TACACS+ Authentication Method.
  - Add an Active Directory Server element, then add a RADIUS Authentication Method.

  Note: To use a RADIUS or TACACS+ Authentication Server that has an IPv6 address, the Management Server must also have an IPv6 address.
- Add an Access rule that allows traffic from your Management Server to the external authentication server.
- Select Configuration, then browse to Network Elements.
- Browse to Servers.
- Right-click the Management Server, then select Properties.
- From the RADIUS Method or TACACS+ Method drop-down list, select the authentication protocol for authenticating the Management Server’s communications with the external authentication server.

  CAUTION: To guarantee the security of the Secure SD-WAN Manager, communications between the Management Server and the external authentication server must remain confidential. We recommend transferring these connections over secure networks only.
- (RADIUS Authentication Servers only) Set up the external server for use with the Management Server.
  - Define the Management Server as a RADIUS client on your server.
  - Define the same authentication method on your server as you selected in the Management Server properties in the previous step.
- In the Management Client, configure RADIUS or TACACS+ authentication in the properties of each Administrator or Web Portal User account.
  - Select Configuration, then browse to Administration.
  - Select .
  - Right-click an Administrator element, then select Properties.
  - From the Authentication drop-down list, select RADIUS or TACACS+.
  - From the Authentication Method drop-down list, select an Authentication Method element, or click Select to select a different Authentication Method element.
  - Click OK.