To access NSX Advanced Load Balancer through the GUI, REST API, or CLI, a valid user account is required. Each user is assigned a role which grants permissions and access to read or write to the objects in NSX Advanced Load Balancer. You can restrict accounts to specific tenants and grant configure different roles within each tenant.
User accounts are maintained locally within NSX Advanced Load Balancer or remotely using an external AAA server.
When the same user account exists locally and remotely, NSX Advanced Load Balancer authenticates the credentials locally first and then authenticates the remote user account.
For SSH access, the NSX Advanced Load Balancer Controller will also attempt to authenticate the user after failing to find the user in the local or remote auth databases. Local and remote users are not created in Linux and may not have Linux access, with the exception of admin account.
If remote authentication (LDAP, TACACS, SAML, and more) is enabled, you can deactivate local authentication in the NSX Advanced Load Balancer Controller by deactivating the Enable Local User Login option in the Edit System Settings screen.
For authenticating users remotely to log into NSX Advanced Load Balancer. Auth Profile discusses different ways of remote authentication supported in NSX Advanced Load Balancer.