Remote Authentication Overview
Junos Space Network Management Platform, by default, authenticates users to log in locally when you configure their accounts by using Role Based Access Control > User Accounts > Create User (icon) task.
On the Administration > Authentication Servers inventory landing page, you can authenticate users to log in exclusively from a centralized location by using one or more RADIUS or TACACS+ remote authentication servers. You can also authenticate users to log in to Junos Space Network Management Platform by using both local and remote authentication.
You can configure the order in which Junos Space Network Management Platform connects to remote authentication servers by preference. Junos Space Network Management Platform authenticates users by using the first reachable remote authentication server on the list.
Junos Space Network Management Platform supports the following RADIUS authentication methods: Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), and Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2). For TACACS+ authentication, Junos Space Platform supports Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP).
If you configure remote authentication using RADIUS or TACACS+, then the most restrictive concurrent session limit between the Junos Space server and the remote authentication server takes effect.
You must have Super Administrator or System Administrator privileges to configure remote authentication server settings, authentication modes, and user passwords and settings.
Regular Junos Space Network Management Platform users cannot configure their own passwords if you maintain users solely by using a remote authentication server. You may choose to allow some privileged users to set a local password so they can still log in to Junos Space if the remote authentication server is unreachable.