User Authentication

Overview

TOS Classic supports these methods of user authentication (in the following order):

  • Local (the password is defined in TOS Classic)
  • External server:
    • LDAP (Active Directory)
    • TACACS+
    • RADIUS
  • SSO Authentication Service:
    • SAML (Contact Support for setup assistance)

TOS Classic users do not need to use the same authentication methods because TOS Classic recognizes different authentication methods for different users.

For authentication methods, Local, TACAS+ and RADIUS, usernames can contain all alphanumeric characters and these special characters: @ - + . _

When TOS Classic is configured to use LDAP, TOS Classic users defined in the LDAP are automatically imported to TOS Classic, and use only LDAP authentication. Their permission types (Administrator or User) are also defined by their LDAP groups. Device permissions for Users are defined in TOS Classic.

Other users are defined locally in TOS Classic. For these users, you can define whether their authentication method is Local, RADIUS or TACACS+, as part of the user's configuration. Their permission types (Administrator or User) are defined in TOS Classic, not in RADIUS or TACACS+.

Use External LDAP Authentication

Configure TOS Classic to use Active Directory for LDAP Authentication, and use the automatically imported LDAP users

Create and Configure a Custom LDAP for External Authentication of TOS Classic Users

See the Tech Note Configuring a new LDAP vendor for TOS Classic.

Use External RADIUS or TACACS+ Authentication

Configure TOS Classic to use RADIUS or TACACS+, and define users in TOS Classic with the authentication method set to RADIUS or TACACS+.

Use SSO Authentication Service

Contact Support to configure TOS Classic to use SSO Authentication, and define users in TOS Classic with the authentication method set to SSO Authentication.