To access Avi Load Balancer through the GUI, REST API, or CLI, a valid user account is required. Each user is assigned a role, which grants permissions to read or write the objects in Avi Load Balancer. You can restrict accounts to specific tenants and configure different roles within each tenant.
User accounts are maintained in two categories within Avi Load Balancer using an external authentication, authorization, and accounting (AAA) server. Depending on how users are authenticated, the two categories are as follows:
Local users
Remote users
- Local Users
  Local users are required to provide a username and password. A local user can access the CLI without entering a password by providing a valid SSH key. Local users must belong to a defined user group on the system.
- Remote Users
  Remote users are authenticated remotely on a service provided by LDAP, TACACS+, or SAML servers. Remote users need not belong to a user group on the system.
When both the local and remote user accounts are configured, Avi Load Balancer authenticates the credentials locally first and then authenticates the remote user account.