Overview of external user authentication

External user authentication means that authentication services are provided by an authentication server outside of the Secure SD-WAN Manager.

You can use the following kinds of external authentication services:

• Authentication services that support the RADIUS or TACACS+ protocol, such as RSA Authentication Manager or the NPS (Network Policy Server) of a Windows (Active Directory) server.
• LDAP authentication for simple password authentication against the LDAP database on the external directory server where user accounts are stored.

Figure: External user authentication process

1

The user opens an authentication connection to the firewall.

2

The firewall queries the directory server to check if the user exists and which authentication method the user should use.

3

The firewall prompts the user to authenticate, then the user enters the credentials required for the authentication method.

4

The firewall relays the user credentials to one of the following components depending on the authentication method:

• For RADIUS or TACACS+ authentication methods, the firewall relays the user credentials to the external authentication sever.
• For LDAP authentication, the firewall relays the user credentials to the directory server.

5

Depending on the authentication method, one of the following components verifies the user credentials and responds to the firewall whether authentication succeeds or fails:

• For RADIUS or TACACS+ authentication methods, the external authentication server verifies the user credentials.
• For LDAP authentication, the directory server verifies the user credentials.