Product Documentation

Configuring Authentication, Authorization, and Auditing

Oct 19, 2016

You can configure Authentication, Authorization, and Auditing (AAA) for the applications that you configure on the appliance. An authentication policy that is configured for an application defines the type of authentication to apply when a user or group attempts to access the application. If external authentication is used, the policy also specifies the external authentication server. Authorization policies configured for an application specify whether a particular user or group can access the application. Auditing policies define the audit log type, the level at which logging is performed, and other audit server settings. Authentication and auditing policies use the classic policy format.

Authentication policies, authorization policies, and auditing policies can be configured in any order. However, before you configure AAA for an application, you must configure a public endpoint for the application.

Configuring Authentication

Updated: 2013-08-30

Configuring authentication for an application involves specifying an authentication FQDN, an authentication virtual server, a server certificate, and authentication and session policies. Authentication policies are automatically bound to the authentication virtual server specified for the application.

To configure authentication for an AppExpert application

  1. Navigate to AppExpert > Applications.
  2. In the details pane, click the name of the application for which you want to configure authentication, and then click Authentication.
  3. In the Authentication Wizard, on the Introduction page, click Next.
  4. Follow the instructions in the Authentication Wizard.

Configuring Authorization

Updated: 2013-08-30

You can configure authorization for users and groups to enable then to access an AppExpert application. If the AAA user or group for which you want to configure permissions has not already been created, you can create it from AppExpert and then configure permissions for application access.

To configure permissions for a AAA user or group to access an AppExpert application

  1. Navigate to AppExpert > Applications.
  2. In the details pane, click the AppExpert application for which you want to configure user or group access, and then click Authorization.
  3. Do one of the following:
    • If the AAA user or group for which you want to configure permissions is already in the Groups/Users tree, drag the user or group from the Groups/Users tree to the Users or Groups node in the application tree. Then, right-click the user or group and click Allow.
    • If the AAA user or group for which you want to configure permissions is not configured on the appliance, in the application tree, right-click Users or Groups, and then click Add. In the Create AAA Group or Create AAA User dialog box, fill in the values, click Create, and then click Close.

      The user or group is created with the permission set to Allow. To change the permission setting, right-click the group or user, and then click the permission setting.

  4. Click Close.

Configuring Auditing

Updated: 2013-08-30

When you configure auditing policies for an application, you must specify the server to which the log messages must be directed, the format of the messages logged, and the log level. Optionally, you can configure other settings, such as the log facility and date format. Auditing policies are automatically bound to all the AppExpert application’s public endpoints.

To configure auditing policies for an application

  1. Navigate to AppExpert > Applications.
  2. In the details pane, click the application for which you want to configure auditing policies, and then click Auditing.
  3. In the Configure Auditing Policies dialog box, click Insert Policy.
    • To specify an existing auditing policy, under Policy Name, click the name of the policy, and then do the following:

      • To modify the priority that is assigned to the policy by default, under Priority, double-click the priority, and then type a new priority value.
      • To modify the settings of the audit server, under Server, double-click the name of the server, and then, in the Configure Auditing Server dialog box, modify the settings as appropriate. You can modify all the settings in this dialog box except the name of the audit server and the audit type. For more information about the settings in the Configure Auditing Server dialog box, see "Auditing Policies."
    • To create a new auditing policy, under Policy Name, click New Policy, and then, in the Create Auditing Policy dialog box, do the following:

      • In the Name box, type a name for the policy.
      • The Name box already contains the string that is required at the beginning of the server name. You cannot modify the string.
      • From the Auditing Type list, select the auditing type (either SYSLOG or NSLOG).
      • If the audit server you want to specify is already listed in the Server list, select the server from the list, and then, if you want to modify the server settings, click Modify. In the Configure Auditing Server dialog box, modify the settings as appropriate, and then click OK. For more information about the settings in the Configure Auditing Server dialog box, see "Auditing Policies."
      • If you want to configure a new audit server, click New, and then, in the Create Auditing Server dialog box, type a name for the server, specify the server IP address, port number, and other settings as appropriate. When finished, click OK.
      • Click Create.
    • To change the priorities for the new auditing policies you created, under Priority, for each policy for which you want to change the priority, double-click the priority value and type new priority value.
    • To regenerate priorities, click Regenerate Priorities.
    • To unbind a policy, click the policy, and then click Unbind Policy.
    • To modify a policy, click the policy, and then click Modify Policy.
  4. Click Apply Changes, and then click Close.

Disabling AAA for an Application

Updated: 2013-08-30

After you configure AAA for an application, you can disable the AAA configuration for that application. When you disable AAA for an application, the configuration is not lost. You can enable AAA for the application when you want to reapply the configuration.

To enable or disable AAA for an application

  1. Navigate to AppExpert > Applications.
  2. In the details pane, click the application for which you want to enable or disable AAA, and then do one of the following:
    • To disable AAA for the application, click Turn Off AAA.
    • To enable AAA for the application, click Turn On AAA.