Local user management

Introduction

NSP has a local user database that supports locally defined users with OAuth2 user authentication. NSP can also work with remote LDAP, RADIUS, and TACACS authentication agents. If NSP is integrated with NFM-P, you can import your NFM-P users into the NSP local user database.

For all local and remote users, the Users and System Security GUI lists information that includes the authentication source, the user creation time, and the most recent login time.

Note: The NSP does not support case-sensitive user names; local and remote user names are saved in lowercase. User name entry at sign-in is case-insensitive.

NSP Users and Security supports up to 5000 users, except where noted.

Remote user management

NSP supports remote LDAP (including Active Directory), RADIUS, and TACACS authentication servers.

With remote user management, NSP first checks each login attempt against the local user database. If the user account is not found locally, NSP searches the remote authentication servers (LDAP first, followed by RADIUS or TACACS). If a user account is found in an authentication source (local or remote) but fails the password check, the authentication attempt stops and does not continue to any other authentication sources.

If NSP is configured for remote user authentication with an Active Directory server, the AD users also appear as local accounts in the NSP database. AD users are bulk imported to NSP at system startup. This bulk import is automatic and cannot be avoided, but customers can limit its scope by defining user and group filters so that only the AD users intended to have access to NSP are auto-imported.

Note: NSP Users and Security supports a maximum combined total of 1000 local and remote users when Active Directory is configured.

Remote login attempts are handled in the following ways with regard to user group assignment:

  • If a remote user attempts to log into NSP and the remote authentication source does not specify a user group for the remote user, then the user is assigned to the NSP default user group and will have access in accordance with the roles assigned to the default user group.

  • If a remote user attempts to log into NSP and the remote authentication source does not specify a user group for the remote user, and NSP does not have a default user group configured, then the remote user login to NSP is denied.

  • If a remote user attempts to log into NSP and the remote authentication source specifies a user group for the remote user, but that user group is not configured in NSP, then the remote user login to NSP is denied.
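
The lookup order and user group rules above, as an added Python model (not NSP code and not part of the NSP documentation). The Source class, the resolve_login function and all sample accounts are constructed; that an accepted user with a configured group receives that group is an assumption.

```python
# Added model of the login rules on this page; not NSP code.
# All names and sample data are constructed for illustration.
from dataclasses import dataclass, field


@dataclass
class Source:
    name: str  # "local", "ldap", "radius" or "tacacs"
    # user name -> (password_ok, group); password_ok stands in for the
    # source's own password check, group is None when none is specified.
    accounts: dict = field(default_factory=dict)


def resolve_login(user, sources, nsp_groups, default_group=None):
    """Return (decision, source, group). `sources` is ordered as the page
    describes: local first, then LDAP, then RADIUS or TACACS."""
    user = user.lower()  # user names are saved in lowercase
    for src in sources:
        if user not in src.accounts:
            continue  # account not found here, so try the next source
        password_ok, group = src.accounts[user]
        if not password_ok:
            # Found but failed the password check: later sources are skipped.
            return ("denied: password check failed", src.name, None)
        if src.name == "local":
            return ("allowed", src.name, group)  # assumption: stored group applies
        if group is None:  # remote source specifies no user group
            if default_group is None:
                return ("denied: no default user group", src.name, None)
            return ("allowed", src.name, default_group)
        if group not in nsp_groups:
            return ("denied: user group not configured in NSP", src.name, group)
        return ("allowed", src.name, group)  # assumption: configured group applies
    return ("denied: account not found", None, None)


# Constructed sample data. "jdoe" exists both locally and in LDAP.
SOURCES = [
    Source("local", {"jdoe": (False, "operators")}),
    Source("ldap", {"jdoe": (True, "noc"), "asmith": (True, None),
                    "bkim": (True, "legacy")}),
    Source("radius", {"cwu": (True, "noc")}),
]
NSP_GROUPS = {"operators", "noc"}

if __name__ == "__main__":
    for name in ("JDoe", "asmith", "bkim", "cwu", "nobody"):
        print(name, resolve_login(name, SOURCES, NSP_GROUPS, "viewers"))
    print("asmith", resolve_login("asmith", SOURCES, NSP_GROUPS))
```

In the sample data the local jdoe account fails its password check, so the LDAP account of the same name is never consulted; a stale local account can therefore block a valid remote one.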