LDAP and RADIUS: Authentication
If you use LDAP or RADIUS for user authentication, you manage user access by creating each user in the Administration module. This method is typically referred to as individual authentication, and it requires you to maintain each user's user name and password.
Individual Authentication
With individual authentication, users will be authenticated using their LDAP or RADIUS credentials.
Using Individual Authentication
First, create your authentication server in the Administration module.
Then add individual users as described in the Create a User topic, taking care to ensure the following:
- Each user's LDAP or RADIUS user name and password are entered.
- Each user is assigned to a user group. Permissions to features are granted to user groups, not individual users.
- LDAP groups are mapped to the user group (optional).
Your server performs authentication, granting or denying the user access to SIP. Once the user has been authenticated, SIP manages the authorization — giving the user access to portions of the module based on membership in a user group.
Authorization of New or Existing LDAP or RADIUS Users
Individual Authentication of New Users
New users will automatically be created upon entering their LDAP or RADIUS credentials if the following conditions are met:
- The user has never been created in the Administration module.
- The user is authenticating against an LDAP or RADIUS server that is mapped to a user group.
The user account will be created and assigned to the LDAP or RADIUS server responsible for authentication and the user group it's mapped to.
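The login flow described above, as a minimal Python model added here for illustration; it is not the product's code. AuthServer, UserStore, login and demo are hypothetical names, the credentials are constructed sample data, and giving no access to a new user whose server has no group mapping is an assumption.

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class AuthServer:
    """Constructed stand-in for an LDAP or RADIUS server (hypothetical model)."""
    name: str
    credentials: dict                    # user name -> password, sample data only
    mapped_group: Optional[str] = None   # user group this server is mapped to, if any

    def authenticate(self, user: str, password: str) -> bool:
        expected = self.credentials.get(user)
        return expected is not None and hmac.compare_digest(expected.encode(), password.encode())

@dataclass
class UserStore:
    """Hypothetical model of the accounts held in the Administration module."""
    users: dict = field(default_factory=dict)   # user name -> (server name, user group)

def login(store, server, user, password):
    """Return (outcome, user_group) for one login attempt."""
    # Authentication: the external server alone accepts or rejects the credentials.
    if not server.authenticate(user, password):
        return ("denied", None)
    # Authorization: an existing account gets access through its user group.
    if user in store.users:
        return ("existing", store.users[user][1])
    # New user: created only when the authenticating server is mapped to a group.
    if server.mapped_group is None:
        return ("no-account", None)   # assumption: no mapping means no access
    store.users[user] = (server.name, server.mapped_group)
    return ("created", server.mapped_group)

def demo():
    ldap = AuthServer("corp-ldap", {"alice": "pw-a", "bob": "pw-b"}, mapped_group="Auditors")
    radius = AuthServer("vpn-radius", {"carol": "pw-c"})   # not mapped to a group
    store = UserStore({"bob": ("corp-ldap", "Admins")})     # bob was created manually
    return store, [
        login(store, ldap, "alice", "wrong"),   # bad password: nothing is created
        login(store, ldap, "alice", "pw-a"),    # first valid login: auto-created
        login(store, ldap, "alice", "pw-a"),    # later logins use the existing account
        login(store, ldap, "bob", "pw-b"),      # manual account keeps its own group
        login(store, radius, "carol", "pw-c"),  # authenticated, but server is unmapped
    ]

if __name__ == "__main__":
    for result in demo()[1]:
        print(result)
```

Because every user who can authenticate against a mapped server receives that user group's permissions on first login, map a server only to a group whose permissions are appropriate for all of that server's users.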
Users can log in to add-on modules such as Policy Planner and Policy Optimizer with their LDAP or RADIUS credentials.