ADC

Restricted system user authentication to Citrix ADC management interfaces

You can restrict system user access to specific Citrix ADC management interfaces such as CLI or API. The allowedManagementInterface parameter defines the list of permitted management interfaces. For example, if the management interface for a user or a group is set to API, all users in the group can access Citrix ADC through API and not through CLI. However, the Citrix ADC GUI is part of the API interface and users with API permission can also access the GUI interface.

Note:

By default, users and groups have access to all interfaces (CLI, API, and the GUI).

You can configure the parameter either at the user level or at the user group level. When you configure at the group level, the configuration is applied across all user accounts in the group. If a user is bound to multiple groups, the appliance allows access to an aggregated set of management interfaces. You can specify settings for a user in a group by configuring the parameter at user level. In this case – user level setting is configured for a group. In certain scenarios, when the customer is using an external authentication server for managing user accounts, the server details are configured on the appliance. In this case, the administrator can create a user group in the Citrix ADC appliance and add all users (grouped in the external server) to the group. For example, all users managed in the external server are added to the API_users group and the admin can configure the group locally on the appliance.

Note:

The Citrix ADC appliance allows only nsroot administrator (superuser) to configure the parameter and does not allow any system user to change the parameter setting.

Configure user access to Citrix ADC management interfaces by using the CLI

To allow user access to a specific management interface, you must set the allowed management interface parameter. At the command prompt, type:

set system group <groupName> [-allowedManagementInterface ( CLI | API )]

Example:

set system group network_usergroup –allowedManagementInterface CLI

For parameter description, see Authentication and authorization command reference topic.

To know about Citrix GUI and CLI interfaces, see Access Citrix ADC topic.

Restricted system user authentication to Citrix ADC management interfaces