Configuring Authentication and Authorization Settings

May 04, 2017
Authentication with the NetScaler Insight Center appliance can be local or external. With external authentication, the NetScaler Insight Center appliance grants user access on the basis of the response from an external server. It supports the following external authentication protocols:

The NetScaler Insight Center appliance also supports authentication requests from SSH. SSH authentication supports only keyboard-interactive authentication requests. The authorization of SSH users is limited to superuser privileges only. Users with readonly privileges cannot log on through SSH.

To configure authentication, specify the authentication type, and configure an authentication server.

Authorization through the NetScaler Insight Center appliance is local. The NetScaler Insight Center appliance supports two levels of authorization. Users with superuser privileges are allowed to perform any action on the appliance. Users with readonly privileges are allowed to perform only read operations. The authorization of SSH users is limited to superuser privileges only. Users with readonly privileges cannot log on through SSH.

Authorization for RADIUS and LDAP is supported by group extraction. You can set the group extraction attributes during the configuration of RADIUS or LDAP servers on the NetScaler Insight Center appliance. The extracted group name is matched with the group names on the NetScaler Insight Center appliance to determine the privileges given to the user. A user can belong to multiple groups. In that case, if any group to which the user belongs has superuser privileges, the user has superuser privileges. A Default authentication group attribute can be set during configuration. This group is considered along with the extracted groups for authorization.

In the case of TACACS authorization, the TACACS server administrator must permit a special command, superuser, for a user who is to have superuser privileges, and deny this command for users with readonly privileges. When a user logs on, NetScaler Insight Center checks whether the user has permission to execute this command. If the user has permission, the user is assigned superuser privileges; otherwise, the user is assigned readonly privileges.
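
The group-extraction and TACACS rules above can be modeled as a short decision function. The following Python sketch is an added example, not NetScaler Insight Center code. The group names are hypothetical, exact-match comparison of group names is an assumption, and the result for a user with no matching group is not defined on this page (modeled here as None).

```python
# Added model of the authorization rules described above; not Citrix code.
SUPERUSER, READONLY = "superuser", "readonly"

def resolve_group_privilege(extracted, appliance_groups, default_group=None):
    """RADIUS/LDAP: match extracted group names against appliance groups.

    appliance_groups maps appliance group name -> privilege level.
    The default authentication group is considered with the extracted ones.
    Returns None when nothing matches (the page does not define that case).
    Exact, case-sensitive name matching is an assumption of this model.
    """
    candidates = set(extracted)
    if default_group:
        candidates.add(default_group)
    levels = {appliance_groups[g] for g in candidates if g in appliance_groups}
    if SUPERUSER in levels:          # any superuser group wins
        return SUPERUSER
    return READONLY if READONLY in levels else None

def resolve_tacacs_privilege(superuser_command_permitted):
    """TACACS: permission for the special 'superuser' command decides."""
    return SUPERUSER if superuser_command_permitted else READONLY

def ssh_logon_allowed(privilege):
    """SSH logon is limited to superuser; readonly users cannot log on."""
    return privilege == SUPERUSER

def audit_default_group(appliance_groups, default_group):
    """True if the default group would give every external user superuser."""
    return appliance_groups.get(default_group) == SUPERUSER

# Constructed sample data (group and user names are hypothetical).
GROUPS = {"ni-admins": SUPERUSER, "ni-viewers": READONLY}

if __name__ == "__main__":
    for name, extracted in [("alice", ["ni-viewers", "ni-admins"]),
                            ("bob", ["ni-viewers"]),
                            ("carol", ["hr"])]:
        priv = resolve_group_privilege(extracted, GROUPS)
        print(name, priv, "ssh" if ssh_logon_allowed(priv) else "no-ssh")
    print("default group risk:", audit_default_group(GROUPS, "ni-admins"))
```

Because the default authentication group is evaluated together with the extracted groups, mapping it to a superuser group gives superuser privileges, and therefore SSH access, to every externally authenticated user; audit_default_group flags that configuration.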

Configuring User Accounts

Updated: 2014-08-22

A user logs on to the NetScaler Insight Center appliance to perform appliance management tasks. To allow a user to access the appliance, you must create a user account on the NetScaler Insight Center appliance for that user. Users are authenticated locally, on the appliance. You can also enable external authentication for the user and specify the amount of time for which a user can remain logged on.

To configure a user account

On the Configuration tab, navigate to System > User Administration > Users and, in the Users pane, add or edit a user account.

Adding a User Group

Updated: 2014-08-22

Groups are logical sets of users that need to access common information or perform similar kinds of tasks. You can organize users into groups defined by a set of common operations. By providing specific permissions to groups rather than individual users, you can save time when creating new users.

If you are using external authentication servers for authentication, groups in the NetScaler Insight Center appliance can be configured to match groups configured on authentication servers. When a user belonging to a group whose name matches a group on an authentication server logs on and is authenticated, the user inherits the settings for the group in the NetScaler Insight Center appliance.

To add a user group

On the Configuration tab, navigate to System > User Administration > Groups, and then create a user group.

Setting the Authentication Type

Updated: 2014-08-22

From the NetScaler Insight Center graphical user interface (GUI), you can specify local or external authentication. External authentication is disabled for local users by default. It can be enabled by checking the Enable External Authentication option when adding the local user or modifying the settings for the user.

Important: External authentication is supported only after you set up a RADIUS, LDAP, or TACACS authentication server.

To set the authentication type

  1. On the Configuration tab, navigate to System > Authentication.
  2. In the details pane, click Authentication Configuration.
  3. Set the following parameters:
    • Server Type—Type of authentication server configured for user authentication. Possible values: LDAP, RADIUS, TACACS, and Local.
    • Server Name—Name of the authentication server configured in the NetScaler Insight Center appliance. The menu lists all the servers configured for the selected authentication type.
    • Enable fallback local authentication—When external authentication fails, you can choose to authenticate the user with local authentication instead. This option is enabled by default.
  4. Click OK.