Overview of external user authentication
External user authentication means that authentication services are provided by an authentication server outside of the Secure SD-WAN Manager.
You can use the following kinds of external authentication services:
- Authentication services that support the RADIUS or TACACS+ protocol, such as RSA Authentication Manager or the NPS (Network Policy Server) of a Windows (Active Directory) server.
- LDAP authentication for simple password authentication against the LDAP database on the external directory server where user accounts are stored.
1. The user opens an authentication connection to the firewall.
2. The firewall queries the directory server to check if the user exists and which authentication method the user should use.
3. The firewall prompts the user to authenticate, then the user enters the credentials required for the authentication method.
4. The firewall relays the user credentials to one of the following components depending on the authentication method:
   - For RADIUS or TACACS+ authentication methods, the firewall relays the user credentials to the external authentication server.
   - For LDAP authentication, the firewall relays the user credentials to the directory server.
5. Depending on the authentication method, one of the following components verifies the user credentials and responds to the firewall whether authentication succeeds or fails:
   - For RADIUS or TACACS+ authentication methods, the external authentication server verifies the user credentials.
   - For LDAP authentication, the directory server verifies the user credentials.