Manual Chapter : Authentication Concepts

Applies To:

Show Versions Show Versions


  • 11.2.1
Manual Chapter

Authentication in Access Policy Manager

Access Policy Manager® provides several benefits when it comes to authenticating and authorizing your users.

Benefit Description
Policy component Administrators are able to add various types of supported authentication methods as basic components to their access policy.
Flexibility Administrators can combine multiple authentication mechanisms in an arbitrary manner for a single access policy.
Performance Administrators should see high optimization (approximately 250 logins/sec.).
Extensible Administrators can configure an access policy to retrieve user's credentials from multiple sources (for example, client certificate fields) as input to an authentication subsystem.
Customizable input Administrators can customize login page input and add the customized login page to their access policy.
Generic output Administrators can use the results from an authentication subsystem as input for various other functionality, for instance, resource assignments.

These illustrations depict the use of authentication as an access policy component. They also show how various authentication schemas are combined together within a single access policy, and the result from authentication is used for assigning the appropriate resources to a user.

How does authentication work? Create a AAA server object
How to create an access policy for authentication Create an access policy

About AAA traffic and route domains

To use route domains for AAA authentication traffic, you must use the pool option in the AAA server configuration. When Use Pool is the selected Server Connection option, the server address field can take an IP address with route domain (IPAddress%RouteDomain) format. The route domain value is ignored when the AAA server is configured in direct option.