What is user management?

Introduction

NSP has a local user database that supports locally defined users with OAuth2 user authentication. NSP can also work with remote LDAP, RADIUS, and TACACS authentication agents. If NSP is integrated with NFM-P, you can import your NFM-P users into the NSP local user database.

For all local and remote users, the Users and System Security GUI lists information that includes the authentication source, the user creation time, and the most recent login time.

Note: The NSP does not support case-sensitive user names; local and remote user names are saved in lowercase. User name entry at sign-in is case-insensitive.

Local user management

NSP uses Keycloak-based OAuth2 user authentication, which supports locally defined user accounts for NSP access. The NSP local user database supports up to 5000 users.

Remote user management

NSP supports remote LDAP (including Active Directory), RADIUS, and TACACS authentication servers.

With remote user management, the NSP first attempts to verify login attempts against the local user database. If the user account is not found locally, NSP searches the remote authentication servers (LDAP first, followed by RADIUS or TACACS). If a user account is found in an authentication source (local or remote) but fails the password check, the authentication attempt stops and does not continue to any other authentication sources.

Remote login attempts are handled in the following ways with regard to user group assignment:

  • If a remote user attempts to log in to NSP and the remote authentication source does not specify a user group for the remote user, then the user is assigned to the NSP default user group and will have access in accordance with the roles assigned to the default user group.

  • If a remote user attempts to log in to NSP and the remote authentication source does not specify a user group for the remote user, and NSP does not have a default user group configured, then the remote user login to NSP is denied.

  • If a remote user attempts to log in to NSP and the remote authentication source specifies a user group for the remote user, but that user group is not configured in NSP, then the remote user login to NSP is denied.
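
The source ordering and group-assignment rules above can be modeled as a small decision function, which is useful when reviewing which accounts a given configuration would admit. This is an added example, not NSP code: the Source class, the login function, and all users, passwords and groups are constructed for illustration, and two points are assumptions: local accounts keep their stored group, and a remote group that is configured in NSP is used as-is.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class Source:
    name: str                                     # "local", "ldap", "radius" or "tacacs"
    accounts: dict = field(default_factory=dict)  # user -> (password, group or None)

def login(username, password, sources, nsp_groups, default_group=None):
    """Return (allowed, source_name, group, reason) for one sign-in attempt."""
    user = username.lower()          # names are saved and matched in lowercase
    for src in sources:              # caller passes local, LDAP, then RADIUS or TACACS
        if user not in src.accounts:
            continue                 # not found here: try the next source
        stored_pw, group = src.accounts[user]
        if not hmac.compare_digest(password.encode(), stored_pw.encode()):
            # Found but failed the password check: stop, no fall-through.
            return (False, src.name, None, "password check failed")
        if src.name == "local":
            return (True, src.name, group, "local account")  # assumption: group kept as stored
        if group is None:
            if default_group is None:
                return (False, src.name, None, "no group and no default group")
            return (True, src.name, default_group, "assigned default group")
        if group not in nsp_groups:
            return (False, src.name, None, "group not configured in NSP")
        return (True, src.name, group, "group from remote source")  # assumption: implied case
    return (False, None, None, "account not found")

# Constructed sample data: every name, password and group below is made up.
NSP_GROUPS = {"admins", "operators", "viewers"}
SOURCES = [
    Source("local", {"jdoe": ("local-pw", "operators")}),
    Source("ldap", {"jdoe": ("ldap-pw", "operators"),
                    "alice": ("pw1", None),
                    "bob": ("pw2", "contractors")}),
    Source("radius", {"carol": ("pw3", "operators")}),
]

if __name__ == "__main__":
    attempts = [("JDoe", "ldap-pw", "viewers"), ("alice", "pw1", "viewers"),
                ("alice", "pw1", None), ("bob", "pw2", "viewers"),
                ("carol", "pw3", "viewers"), ("mallory", "x", "viewers")]
    for name, pw, default in attempts:
        print(name, login(name, pw, SOURCES, NSP_GROUPS, default))
```

The first attempt shows a consequence of the ordering: a local account named jdoe is checked before the LDAP account of the same name, so the LDAP password is rejected at the local source and the remote servers are never consulted.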