Overview of external user authentication

External user authentication means that authentication services are provided by an authentication server outside the Secure SD-WAN Manager, rather than by the Manager's own user database.

You can use the following kinds of external authentication services:

  • Authentication services that support the RADIUS or TACACS+ protocol, such as RSA Authentication Manager or the NPS (Network Policy Server) of a Windows (Active Directory) server.
  • LDAP authentication, which performs simple password authentication (an LDAP bind) directly against the LDAP database on the external directory server where the user accounts are stored.

Figure: External user authentication process

1. The user opens an authentication connection to the firewall.
2. The firewall queries the directory server to check whether the user exists and which authentication method the user must use.
3. The firewall prompts the user to authenticate, and the user enters the credentials required for that authentication method.
4. The firewall relays the user credentials to one of the following components, depending on the authentication method:
  • For RADIUS or TACACS+ authentication methods, the firewall relays the user credentials to the external authentication server.
  • For LDAP authentication, the firewall relays the user credentials to the directory server.
5. Depending on the authentication method, one of the following components verifies the user credentials and tells the firewall whether authentication succeeded or failed:
  • For RADIUS or TACACS+ authentication methods, the external authentication server verifies the user credentials.
  • For LDAP authentication, the directory server verifies the user credentials.
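The following Python simulation walks through steps 2 to 5 from the firewall's point of view. It is an added example, not code from the product or this documentation: the directory, the RADIUS user list and the shared secret are constructed in memory, `mock_radius_server` and `mock_ldap_simple_bind` stand in for the real servers, and all function names are assumptions. The RADIUS side builds a real RFC 2865 Access-Request (User-Password hidden with MD5 over the shared secret and Request Authenticator) and checks the Response Authenticator on the reply, which is the check that stops a forged Access-Accept from being trusted; TACACS+ is not modelled.

```python
"""Simulation of the external-authentication flow (added example, not product code):
directory lookup, then credential relay to a RADIUS server (RFC 2865, PAP) or an
LDAP simple bind. Every server, user and secret here is a constructed stand-in."""
import hashlib
import hmac
import os
import struct

# Constructed directory: the step-2 lookup returns which method each user must use.
# "ldap_password" is only read by the mock directory server during the LDAP bind.
DIRECTORY = {
    "alice": {"auth_method": "RADIUS"},
    "bob": {"auth_method": "LDAP", "ldap_password": "correct horse"},
}
# Constructed RADIUS server state and the secret it shares with the firewall (assumed).
RADIUS_SECRET = b"s3cr3t-shared-with-fw"
RADIUS_USERS = {"alice": "Tr0ub4dor&3"}

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: null-pad to 16-byte blocks, XOR each block with
    MD5(secret + previous block), seeded with the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out, prev = out + block, block
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password; the previous ciphertext block feeds the MD5."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def _attr(attr_type: int, value: bytes) -> bytes:
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(username: str, password: str, secret: bytes, ident: int = 1):
    """Step 4 (RADIUS): the firewall relays the credentials in an Access-Request.
    Returns the packet and the random Request Authenticator needed to check the reply."""
    request_auth = os.urandom(16)
    attrs = _attr(ATTR_USER_NAME, username.encode()) + _attr(
        ATTR_USER_PASSWORD, hide_password(password.encode(), secret, request_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs, request_auth


def mock_radius_server(request: bytes, secret: bytes) -> bytes:
    """Step 5 (RADIUS): the external server verifies the credentials and answers
    Access-Accept or Access-Reject, authenticated with a Response Authenticator."""
    code, ident, length = struct.unpack("!BBH", request[:4])
    request_auth, body, attrs, pos = request[4:20], request[20:length], {}, 0
    while pos < len(body):                       # walk the type/length/value attributes
        attrs[body[pos]] = body[pos + 2:pos + body[pos + 1]]
        pos += body[pos + 1]
    user = attrs.get(ATTR_USER_NAME, b"").decode()
    pw = reveal_password(attrs.get(ATTR_USER_PASSWORD, b""), secret, request_auth)
    ok = (code == ACCESS_REQUEST and user in RADIUS_USERS
          and hmac.compare_digest(RADIUS_USERS[user].encode(), pw))
    head = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return head + hashlib.md5(head + request_auth + b"" + secret).digest()


def verify_radius_response(response: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Firewall side: accept only an Access-Accept whose Response Authenticator
    matches; without this check anyone on the path could inject an accept."""
    code, _ident, length = struct.unpack("!BBH", response[:4])
    resp_auth, attrs = response[4:20], response[20:length]
    expected = hashlib.md5(response[:4] + request_auth + attrs + secret).digest()
    return hmac.compare_digest(expected, resp_auth) and code == ACCESS_ACCEPT


def mock_ldap_simple_bind(username: str, password: str) -> bool:
    """Step 5 (LDAP): the directory server itself verifies the password. A real
    simple bind sends the password in clear unless the connection uses TLS."""
    entry = DIRECTORY.get(username)
    return entry is not None and entry.get("ldap_password") == password


def authenticate(username: str, password: str) -> str:
    """Steps 2 to 5 as the firewall performs them; returns "accept" or "reject"."""
    entry = DIRECTORY.get(username)                  # step 2: does the user exist?
    if entry is None:
        return "reject"
    if entry["auth_method"] == "RADIUS":             # steps 4/5: external auth server
        req, req_auth = build_access_request(username, password, RADIUS_SECRET)
        resp = mock_radius_server(req, RADIUS_SECRET)
        return "accept" if verify_radius_response(resp, req_auth, RADIUS_SECRET) else "reject"
    if entry["auth_method"] == "LDAP":               # steps 4/5: bind to the directory
        return "accept" if mock_ldap_simple_bind(username, password) else "reject"
    return "reject"


if __name__ == "__main__":
    for user, pw in [("alice", "Tr0ub4dor&3"), ("alice", "wrong"), ("bob", "correct horse"), ("carol", "x")]:
        print(user, "->", authenticate(user, pw))
```

Two points the simulation makes visible: the User-Password hiding in RADIUS is an MD5-based stream construction keyed only by the shared secret, so the secret and the transport (not the hiding) protect relayed passwords; and the firewall must check the Response Authenticator, since a UDP reply carrying code 2 with a bogus authenticator is otherwise indistinguishable from a genuine accept.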