You require a valid user account to access NSX Advanced Load Balancer through the GUI, REST API, or CLI. Each user must also be assigned to roles which grants permissions and access to read and/or write to various objects within NSX Advanced Load Balancer. Optionally, you can restrict user accounts to specific tenants and grant roles within each tenant.

User accounts are maintained locally within NSX Advanced Load Balancer or remotely via an external AAA server. NSX Advanced Load Balancer will initially attempt to validate the account through the local authorization database and then through remote authorization.

For SSH access, the NSX Advanced Load Balancer Controller will also attempt to authenticate the user via the underlying Linux after failing to find the user in the local or remote auth databases. Users created via local or remote are not created in Linux and may not have Linux access, with the exception of the admin account.

Note:

You can disable local authentication in the NSX Advanced Load Balancer Controller if remote authentication (LDAP, TACACS, SAML and so on) is enabled. You can do so by setting the allow_local_user_login flag to False in SystemConfiguration > AdminAuthConfiguration option.