Product Documentation

Authentication and Access Control

May 21, 2017

Authentication is the process of verifying that someone is who they claim to be. To be authenticated, a user must already have an account in a system that the authentication mechanism can query, or an account must be created as part of the very first authentication.

NetScaler MAS can authenticate both local users and external users. Local users are authenticated internally; external users are authenticated by means of the RADIUS, LDAP, and TACACS protocols. When a user attempts to access a NetScaler MAS that is configured for external authentication, the requested application server sends the user name and password to the RADIUS, LDAP, or TACACS server for authentication. Once the user is authenticated, the required protocol is used to identify the user on NetScaler MAS.

Access control is the process of enforcing the required security for a particular resource. It is a security technique that regulates who can view or use resources in a computing environment. Its purpose is to limit the actions or operations that a legitimate user of a computer system can perform. Access control constrains what users can do directly, as well as what programs executing on their behalf are allowed to do. In this way, access control seeks to prevent activity that could lead to a breach of security. Access control assumes that the user has been successfully authenticated before a reference monitor enforces access control.

NetScaler MAS provides fine-grained, role-based access control (RBAC), by which administrators can grant access permissions to users based on the roles of individual users within an enterprise. RBAC in NetScaler MAS is achieved by creating access policies, roles, groups, and users.
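The chain described above (users placed in groups, groups bound to roles, roles bound to access policies, all checked only after authentication) can be modeled as a small deny-by-default reference monitor. This is an added illustration, not NetScaler MAS code or its API; every class, policy, role, group, user, and resource name in it is hypothetical.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class AccessPolicy:
    name: str
    permissions: frozenset  # set of (resource, action) pairs

@dataclass
class Role:
    name: str
    policies: list

@dataclass
class Group:
    name: str
    roles: list
    members: set = field(default_factory=set)

class ReferenceMonitor:
    """Deny-by-default check: user -> groups -> roles -> policies."""

    def __init__(self, groups):
        self.groups = groups
        self.authenticated = set()  # users verified by local or external auth

    def effective_permissions(self, user):
        # Union of every permission reachable through the user's groups.
        perms = set()
        for group in self.groups:
            if user in group.members:
                for role in group.roles:
                    for policy in role.policies:
                        perms |= policy.permissions
        return perms

    def is_allowed(self, user, resource, action):
        # Access control assumes authentication has already succeeded.
        if user not in self.authenticated:
            return False
        return (resource, action) in self.effective_permissions(user)

# Constructed sample data (hypothetical names, not product defaults).
read_only = AccessPolicy("read-only", frozenset({("instances", "view")}))
manage = AccessPolicy("manage", frozenset({("instances", "view"), ("instances", "edit")}))
monitor = ReferenceMonitor([
    Group("noc", [Role("viewer", [read_only])], {"alice"}),
    Group("netops", [Role("admin", [manage])], {"bob"}),
])
monitor.authenticated.update({"alice", "bob"})
```

A user who authenticates successfully but belongs to no group ends up with an empty permission set, so every request is denied until an administrator assigns a group.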