Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Junos Space Authentication Modes Overview

Junos Space Network Management Platform provides three authentication modes: local, remote, and remote-local. The default authentication mode is local.

For each of these modes, authentication and authorization is performed in the following ways:

  • Local—Authentication and authorization are performed by Junos Space Platform based on the user account and role information in the Junos Space database. You can create the user account for local authentication from the Role Based Access Control > User Accounts task.

  • Remote—Authentication and authorization are performed by a set of remote AAA servers (RADIUS or TACACS+). You can configure remote authentication from the Administration > Authentication Servers task.

  • Remote-Local—When a user is not configured on the remote authentication servers or when the servers are unreachable, the local password and role information are used if such a local user exists in the Junos Space database. You can configure remote-local authentication from the Administration > Authentication Servers task.

The following sections describe the authentication modes:

Local Authentication

The user is authenticated and authorized using the local Junos Space Network Management Platform database. By default, Junos Space Platform authenticates users locally. Before you can authenticate a user by using local authentication mode, you must create the user account in Junos Space Platform with a valid password and assign roles to the user. To create a user account in Junos Space Platform, use the Role Based Access Control >User Accounts > Create User (icon) task.

For more information, see the Configuring Users to Manage Objects in Junos Space Overview, Creating Users in Junos Space Network Management Platform, and Creating a User-Defined Role topics.

Remote Authentication

User authentication information is stored on one or more remote authentication servers. Authorization information can also be configured and stored on the remote authentication server. To configure Junos Space Network Management Platform remote authentication, see Managing Remote Authentication Servers.

In this mode, if a corresponding local user exists, the local password is used only in the emergency case where the authentication servers are unreachable.

Before you authenticate and authorize users by using remote authentication mode, you must make sure that:

Remote-Local Authentication

User authentication information is stored on one or more remote authentication servers. Authorization information can also be configured and stored on the remote authentication server. For more information about configuring Junos Space Network Management Platform remote-local authentication, see Managing Remote Authentication Servers.

In this mode, when a user is not configured on the remote authentication server, when the server is unreachable, or when the remote server denies the user access, then the local password is used if such a local user exists in the Junos Space Network Management Platform database.

Before you authenticate and authorize users by using remote-local authentication mode, you must make sure that: