F5 Logo MyF5
Search
  1. MyF5 Home
  2. Knowledge Centers
  3. BIG-IQ Centralized Management
  4. BIG-IQ Centralized Management: Authentication, Roles, and User Management
  5. RADIUS User Authentication
Manual Chapter : RADIUS User Authentication

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 6.1.0
Manual Chapter
Table of Contents | << Previous Chapter | Next Chapter >>

RADIUS User Authentication

Use my RADIUS server to authenticate BIG-IQ users

F5 BIG-IQ Centralized Management can verify user credentials against your company's RADIUS server. After you set up BIG-IQ to use your RADIUS server, you can add users and user groups authorized by that server.

Before integrating BIG-IQ with your RADIUS server for authentication and authorization

Before you set up BIG-IQ Centralized Management for authentication and authorization with your RADIUS server, gather the following information.

Required Information This is
Name The name of your RADIUS server.
Host The IP address or host name of your RADIUS server.
Port The port number of your RADIUS server.
Secret The case-sensitive text string used to validate communication.
Test user name and password A user name and password, authenticated on your RADIUS server.
Key and Value properties for your RADIUS server The RADIUS server uses this for authentication and encryption.

Set up BIG-IQ to use my RADIUS server for user authentication and authorization

Before you can set up authentication and authorization for BIG-IQ users, you must have specified your DNS settings. You usually do this when you license F5 BIG-IQ Centralized Management.

You can set up BIG-IQ to use authenticate and authorize BIG-IQ users through your company's RADIUS server. You can also add up to two additional backup RADIUS servers in case the primary server is not available.

  1. At the top of the screen, click System.
  2. On the left, click USER MANAGEMENT > Auth Providers .
  3. Click the Add button.
  4. From the Provider Type list, select RADIUS.
  5. In the Name field, type a name for this new provider.
    This must be a unique name, and can be a maximum of 152 characters.
  6. For the Servers setting, In the Host and Port fields, type the RADIUS server's IP address (or fully qualified domain name) and port number for each of the servers you want to configure.

    The primary server is mandatory. A secondary server and tertiary server, which will be used if the primary or secondary servers fail, are optional.

  7. In the Secret field, type the case-sensitive text string used to validate communication.
  8. In the Test User and Test Password fields, type a user and password, then click the Test button to verify that BIG-IQ can reach the RADIUS server
  9. Click the Save & Close button at the bottom of the screen.
You can now associate RADIUS server users and groups with BIG-IQ system roles.

Add a user authenticated by my RADIUS server and associate it with a role

If you want to add a user authenticated against your RADIUS server, you first have to set up F5 BIG-IQ Centralized Management with your RADIUS server settings.

Once you understand exactly who you want to perform certain tasks, you can provide them access to particular areas of BIG-IQ by adding them as a user and assigning the appropriate built-in or custom role. You can assign as many roles as required to cover the user's responsibilities.

For the RADIUS-authenticated user to access BIG-IQ, you must put the local user in a BIG-IQ role, or put in a role a local group mapped to one of the user’s groups on the RADIUS server.

  1. At the top of the screen, click System.
  2. On the left, click USER MANAGEMENT > Users .
  3. Click the Add button.
  4. From the Auth Provider list, select RADIUS.
  5. In the User Name field, type the name for this user.
  6. In the Full Name field, type a name to identify the user from BIG-IQ.

    The full name can contain a combination of letters, symbols, numbers and spaces.

  7. For the Roles setting, from the Available list, select each user role you want to associate with this user, and move it to the Selected list.
    Important: Be sure to let your users know that their access to certain parts of the BIG-IQ user interface depends on which role they are assigned.
  8. Click the Save & Close button.
Important: If this BIG-IQ is part of an HA pair, you must log in to the secondary BIG-IQ system, click System -> BIG-IQ HA, click the BIG-IQ HA Settings button, then click the Log Out & Refresh button. This procedure is required because BIG-IQ handles users and user groups differently than other data synchronized between BIG-IQ systems in an HA pair. If you don't perform this procedure, this new user cannot successfully log in to the secondary system.

Create a RADIUS-authenticated user group

Before you can add a RADIUS-authenticated user group, you must set up BIG-IQ to use your company's RADIUS server for user authentication on the USER MANAGEMENT > Auth Providers screen.

Create a user group to offer individual users the same privileges on F5 BIG-IQ Centralized Management. This user group will be authorized by your RADIUS server.
Important: If a user does not belong to a RADIUS-authenticated user group, authentication will fail.
  1. At the top of the screen, click System.
  2. At the left, click USER MANAGEMENT > User Groups .
    The User Groups screen opens.
  3. Click the Add button.
  4. In the Name field, type a name for this new user group.
  5. From the Auth Provider list, select RADIUS.
  6. In the Attribute and Value fields, type the properties for your RADIUS server.
    Note: You can find the authorization values in your RADIUS server's dictionary.
  7. From the -[[-[[-[[+[[Available ]]+]]-+[[Available ]]+]]-+[[Available ]]+]]-+[[Available ]]+Roles list, select the user roles that have the privileges you want to grant to this user group and move them to the Selected list.
  8. Click the Save & Close button.
Important: If this BIG-IQ is part of an HA pair, you must log in to the secondary BIG-IQ system, click System -> BIG-IQ HA, click the BIG-IQ HA Settings button, then click the Log Out & Refresh button. This procedure is required because BIG-IQ handles users and user groups differently than other data synchronized between BIG-IQ systems in an HA pair. If you don't perform this procedure, this new user cannot successfully log in to the secondary system.
Table of Contents | << Previous Chapter | Next Chapter >>
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5 Networks, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information