Users Management
An organization admin can effectively manage users in A10 Control to ensure the right individuals have access to the system. They can classify users in specific categories and apply RBAC to enforce least-privilege access, streamline onboarding, and maintain audit-ready accountability.
Only Organization Admins have permission to configure and manage users and their permissions settings.
In A10 Control, users can be broadly categorized into three types:
- Local Users: These users are authenticated through A10 Control’s local authentication server. Choose users when you want them to do the initial setup or when external authentication is unavailable. This provides fallback or local access, so users are not locked out if remote authentication services fail. For information, see Local Authentication and Authorization.
- External Users: These users are authenticated through an external IDP or a remote server such as Azure AD, Okta, LDAP, or TACACS+. Choose external users when your organization relies on centralized identity management or Single Sign-On (SSO). This ensures seamless integration with enterprise authentication standards and eliminates the need for duplicate identity stores. For information, see Remote Authentication and Authorization .
- Device Users: These users are created exclusively for registering ACOS devices through CLI and cannot log in to A10 Control itself. Choose device users when onboarding ACOS devices into A10 Control. This separates administrator accounts from device-registration accounts, improving security and clarity in audit trails. For information, see Manage Device Users.
Prerequisites
-
External Users: These user accounts must already exist in the external IDP or Single Sign-On (SSO) system. If access is controlled through the IDP group membership, ensure the user is added to the appropriate group. For more information, see Okta Integration and Azure Active Directory Integration.
- Email Server: It is recommended to configure an email server to automatically send login credentials over an email before.