RADIUS and LDAP: Authentication

If you use RADIUS or LDAP for user authentication, you manage user access by creating each user in the Administration module. This method is typically referred to as Individual Authentication, and it requires you to maintain each user's user name and password.

Individual Authentication

With individual authentication, users will be authenticated using their RADIUS or LDAP credentials.

Using Individual Authentication

First, create your authentication server in the Administration module.

Then add individual users as described in the Create a User topic, taking care to ensure the following:

  • Each user's RADIUS or LDAP user name and password are entered.
  • Each user is assigned to a user group. Permissions to features are granted to user groups, not individual users.
  • LDAP groups are mapped to the user group (optional).

Your authentication server performs authentication, granting or denying the user access to SIP. Once the user has been authenticated, SIP manages authorization, giving the user access to portions of the module based on membership in a user group.

Authorization of New or Existing RADIUS or LDAP Users

Individual Authentication of New Users

New users will automatically be created upon entering their RADIUS or LDAP credentials if the following conditions are met:

  • The user has never been created in the Administration module.
  • The user is authenticating against a RADIUS or LDAP server that is mapped to a user group.

The user account is created and assigned both to the RADIUS or LDAP server that performed the authentication and to the user group that server is mapped to.

Users can log in to add-on modules such as Policy Planner and Policy Optimizer with their RADIUS or LDAP credentials.
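The login flow described above, modeled as an added example (not product code): the external server decides authentication, a never-created user on a mapped server is created automatically, and permissions come from the user group. All class, server, group, and feature names are hypothetical, the credential store is constructed sample data, and refusing access when no account exists and the server is unmapped is an assumption.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class AuthServer:
    name: str
    directory: dict                      # constructed stand-in for the RADIUS/LDAP store
    mapped_group: Optional[str] = None   # user group this server is mapped to, if any

    def authenticate(self, username, password):
        return username in self.directory and self.directory[username] == password

@dataclass
class Sip:
    group_permissions: dict                     # user group -> set of features
    users: dict = field(default_factory=dict)   # user name -> (server name, user group)

    def login(self, server, username, password):
        # Authentication is the external server's decision.
        if not server.authenticate(username, password):
            return "denied", set()
        # Existing account: authorization comes from its user group.
        if username in self.users:
            return "existing", self.group_permissions[self.users[username][1]]
        # Never-created user on a mapped server: account is created automatically.
        if server.mapped_group is not None:
            self.users[username] = (server.name, server.mapped_group)
            return "created", self.group_permissions[server.mapped_group]
        # Assumption: no account and no mapping means no access.
        return "no_account", set()

def first_login_grants(servers, group_permissions):
    """Review aid: features any directory user receives on first login, per mapped server."""
    return {s.name: sorted(group_permissions[s.mapped_group])
            for s in servers if s.mapped_group is not None}

# Constructed sample data (hypothetical names throughout).
PERMS = {"Auditors": {"view_reports"}, "Admins": {"view_reports", "edit_policy"}}
LDAP = AuthServer("corp-ldap", {"alice": "pw-a", "bob": "pw-b"}, mapped_group="Auditors")
RADIUS = AuthServer("vpn-radius", {"carol": "pw-c"})   # not mapped to a group

def run_demo():
    sip = Sip(PERMS, users={"alice": ("corp-ldap", "Admins")})
    return [sip.login(LDAP, "alice", "pw-a")[0],    # created earlier by an admin
            sip.login(LDAP, "bob", "pw-b")[0],      # first login, mapped server
            sip.login(RADIUS, "carol", "pw-c")[0],  # first login, unmapped server
            sip.login(LDAP, "bob", "wrong")[0]]     # directory rejects the password

if __name__ == "__main__":
    print(run_demo(), first_login_grants([LDAP, RADIUS], PERMS))
```

Because every account in a mapped directory receives that group's permissions on first login, `first_login_grants` is the view to check before mapping a server to a user group.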