To access NSX Advanced Load Balancer through the GUI, REST API, or CLI, a valid user account is required. Each user is assigned a role which grants permissions and access to read or write to the objects in NSX Advanced Load Balancer. You can restrict accounts to specific tenants and grant configure different roles within each tenant.

User accounts are maintained in two categories within NSX Advanced Load Balancer using an external authentication, authorization, and accounting (AAA) server. Depending on how users are authenticated, the two categories are as follows:

  1. Local users

  2. Remote users

Local Users

Local users are required to provide the username and password. The user can access CLI without entering a password by providing a valid SSH key. Local users must belong to a defined user group on the system.

Remote Users

Remote users are authenticated remotely on a service provided by LDAP, Tacas+, or SAML servers. Remote users need not belong to a user group on the system.

When both the local and remote user accounts are configured, NSX Advanced Load Balancer authenticates the credentials locally first and then authenticates the remote user account.