Product Documentation

Configure application authentication, authorization, and auditing

You can configure Authentication, Authorization, and Auditing (AAA) for the applications that you configure on the appliance. An authentication policy that is configured for an application defines the type of authentication to apply when a user or group attempts to access the application. If external authentication is used, the policy also specifies the external authentication server. Authorization policies configured for an application specify whether a particular user or group can access the application. Auditing policies define the audit log type, the level at which logging is performed, and other audit server settings. Authentication and auditing policies use the classic policy format.

Authentication policies, authorization policies, and auditing policies can be configured in any order. However, before you configure AAA for an application, you must configure a public endpoint for the application.

Configuring authentication for an application involves specifying an authentication FQDN, an authentication virtual server, a server certificate, and authentication and session policies. Authentication policies are automatically bound to the authentication virtual server specified for the application.

To configure authentication for an AppExpert application:

  1. Navigate to AppExpert > Applications.
  2. In the details pane, do one of the following:
    1. Click Add to add an authentication for a new application.
    2. Click Edit to modify an existing application.
  3. In the Applications page, select an Application Unit.
  4. In the Application Unit slider page, click Authentication from the Advanced Settings section.
  5. In the Authentication section, select the authentication type as follows:
    1. Form based authentication
    2. 401 based authentication
    3. None
  6. Click OK and then click Done.

Configure application authorization

You can configure authorization for users and groups to enable then to access an AppExpert application. If the AAA user or group for which you want to configure permissions has not already been created, you can create it from AppExpert and then configure permissions for application access.

To configure permissions for a AAA user or group to access an AppExpert application:

  1. Navigate to AppExpert > Applications.
  2. In the details pane, click the AppExpert application for which you want to configure a user or group access.
  3. In the Applications page, and then click Authorization. from the Advanced Settings section.
  4. Do one of the following:
    • If the AAA user or group for which you want to configure permissions are already in the Groups/Users tree, drag the user or group from the Groups/Users tree to the Users or Groups node in the application tree. Then, right-click the user or group and click Allow.

    • If the AAA user or group for which you want to configure permissions is not configured on the appliance, in the application tree, right-click Users or Groups, and then click Add. In the Create AAA Group or Create AAA User dialog box, fill in the values, click Create, and then click Close.

      The user or group is created with the permission set to Allow. To change the permission setting, right-click the group or user, and then click the permission setting.

  5. Click Done and then click Close.

Configure application auditing

When you configure auditing policies for an application, you must specify the server to which the log messages must be directed, the format of the messages logged, and the log level. Optionally, you can configure other settings, such as the log facility and date format. Auditing policies are automatically bound to all the AppExpert application’s public endpoints.

To configure auditing policies for an application:

  1. Navigate to AppExpert > Applications.
  2. In the details pane, click the application for which you want to configure auditing policies.
  3. In the Application Unit slider page, click + icon in the Policies section to configure the auditing policies.
  4. In the Policies slider page, select policy type as Syslog auditing or Nslog auditing and click Continue.
  5. In the Policy binding section, set the following parameters.
    1. Select a policy for binding. If you do not have a policy for binding. click + to create a new policy.

    2. To create a new auditing policy, under Policy Name, click New Policy, and then, in the** Polic**y page do the following:

      1. In the Name box, type a name for the policy.
      2. The Name box already contains the string that is required at the beginning of the server name. You cannot modify the string.
      3. From the Auditing Type list, select the auditing type (either SYSLOG or NSLOG).
      4. If the audit server you want to specify is already listed in the Server list, select the server from the list, and then, if you want to modify the server settings, click Modify. In the Configure Auditing Server dialog box, modify the settings as appropriate, and then click OK. For more information about the settings in the Configure Auditing Server dialog box, see Auditing Authenticated Sessions.
      5. If you want to configure a new audit server, click New, and then, in the Create Auditing Server dialog box, type a name for the server, specify the server IP address, port number, and other settings as appropriate. When finished, click OK.
      6. Click Create.
    3. To change the priorities for the new auditing policies you created, under Priority, for each policy for which you want to change the priority, double-click the priority value and type new priority value.

    4. To regenerate priorities, click Regenerate Priorities.

    5. To unbind a policy, click the policy, and then click Unbind Policy.

    6. To modify a policy, click the policy, and then click Modify Policy.

  6. Click Apply Changes, and then click Close.

Disabling AAA for an Application

After you configure AAA for an application, you can disable the AAA configuration for that application. When you disable AAA for an application, the configuration is not lost. You can enable AAA for the application when you want to reapply the configuration.

To enable or disable AAA for an application:

  1. Navigate to AppExpert > Applications.
  2. In the details pane, click the application for which you want to enable or disable AAA, and then do one of the following:
  3. To disable AAA for the application, click Turn Off AAA.
  4. To enable AAA for the application, click Turn On AAA.

Configure application authentication, authorization, and auditing