User Authentication and User Roles

User Authentication

A user is granted access to Harmony Controller based on the credentials provided (admin user name and password).

Whenever a user attempts to log in to the Harmony Controller, by default the Harmony Controller first verifies the username and password entered by the user against its own local database. If the details entered by the user match those in its database, the user is granted access; otherwise, access to the Harmony Controller is denied.

The administrator can alternatively configure Harmony Controller to authenticate the user with an external authentication server such as RADIUS, TACACS Plus or LDAP.

Multiple Authentication Methods

The user can configure any one of the following methods for authentication:

  • Local Authentication
  • LDAP Authentication
  • Google Authentication
  • TACACS Plus
  • Radius

Authentication Process

Prerequisites

Admin user must be defined in Harmony Controller under Organization > Authentication.

Follow these steps to set up authentication using one of the authentication methods:

  1. Refer to the subscription email for A10 Harmony Controller and access the link to activate your account and set your password.

    _images/email.png
  2. Accept the terms and conditions and select one of the authentication modes.

    _images/subscription.png
    _images/auth_mode.png
  3. If local authentication is selected as the authentication mode, select local authentication and click set authentication.

    _images/Local_Authentication.png
  4. If LDAP is selected as the authentication mode, refer to LDAP Authentication Mode for additional information.

    _images/LDAP.png
  5. If Google Authentication is selected as the authentication mode, refer to Google Authentication Mode for additional information.

    _images/Google_Authentication.png
  6. If Radius is selected as the authentication mode, enter the host address, port number, shared secret, and retries (optional), and click set authentication.

    _images/Radius.png
  7. If TACACS Plus is selected as the authentication mode, enter the host address, port number, shared secret, timeout (optional), retries (optional), and remote address (optional), and click set authentication.

    _images/TACACS.png
  8. To edit the configuration or change the authentication settings, click Organization > Authentication > Edit Configuration.

    _images/edit_configuration.png

Roles and Permissions

The Provider-Tenant configuration defines different roles with corresponding permissions.

The root user can have any of these roles:

  • Root user (can be Root Admin)
  • Root level-Tenant Admin
  • Root level-Tenant’s user

The administrator roles include:

  • Root Level Administrator
  • Provider-level Administrator
  • Tenant Administrator

Provider-Tenant High-Level Diagram Explaining Different Roles

In the high-level Provider-Tenant configuration, the roles fit in as shown in this diagram.

_images/user-roles.png