Open topic with navigation

Add User Auth

Create and configure a user authentication method for logging in to A10 Control. Choose an authentication protocol from the supported options and provide the required connection details.

To create and configure user auth:

  1. On the User Auth page, click + Add.

  2. On the Add User Auth page, select an Authentication Protocol from the following options and provide its configuration details:

    ClosedLocal Authentication

    This is the default selection.

    To configure local authentication and authorization for your organization, see Local Authentication and Authorization. No additional configuration is required on the User Auth page.

    ClosedLDAP

    Enter the following details to configure LDAP authentication and authorization:

    Table 38 : LDAP User Auth Fields

    Field

    Description

    Hosts

    One or more comma-separated LDAP server hostnames or IPv4/IPv6 addresses in the following format:

    ldap://<hostname>:<port> for LDAP (default port: 389)

    ldaps://<hostname>:<port> for LDAPS (default port: 636)

    If you use a Fully Qualified Domain Name (FQDN), ensure DNS servers are configured correctly in A10 Control.

    Authorization Scheme

    Defines how users are located in the LDAP directory. Select an option:

    • Use User DN

      A user is searched directly using a DN pattern, where the uid or cn is dynamically replaced with the login name.

    • Use Search DN

      A base DN is defined from which the user search begins.

      Example: ou=users,dc=companyname,dc=com.

      Do not include uid or cn here. Instead, specify the login attribute in Login Attributes.

    DN Pattern

    A pattern that defines how the user DN is constructed when Use User DN is selected. Example: uid={0},ou=users,dc=companyname,dc=com.

    Login Attributes

    The LDAP attribute that uniquely identifies the login user. This value is used as the A10 Control username.

    Example: uid.

    Admin DN

    The full DN of an administrative LDAP user authorized to perform search and bind operations.

    Admin Password

    The corresponding password for the Admin DN.

    After entering the password, click Validate to test the connection to the specified LDAP host.

    Advanced Configuration

    User First Name Attribute

    (Optional) The first name of the user on the LDAP server.

    Example: cn

    User Last Name Attribute

    (Optional) The last name of the user on the LDAP server.

    Example: sn

    Group Name Attribute

    The value used to identify group names.

    Example: cn

    Group Object Class

    The object class that defines group entries.

    Example: groupOfUniqueNames

    User Object Classes

    The LDAP objectClass used to identify user entries required for A10 Control authentication.

    Example: inetOrgPerson

    Enter Server Certificate

    The base64-encoded server certificate from the LDAP or LDAPS administrator.

    NOTE: If the LDAPS server uses a self-signed certificate, you must upload the LDAPS server certificate. Otherwise, the connection fails.
    Updates to the truststore take effect only after the system completes a service restart.

    Group Base DN

    The base DN that defines the search scope for A10 Control group entries.

    Example: ou=departments,dc=companyname,dc=com

    Group Membership of User

    Defines how group membership is determined. Select an option:

    • User Entry: Group membership is stored in the user object.

    • Group Entry: Group membership is stored in the group object.

    Group Membership Attribute

    If Group Entry is selected, specify the attribute in the group object that lists its members.

    Example: memberOf, uniqueMember, or isMemberOf

    User Membership Attribute

    If User Entry is selected, specify a case-sensitive attribute in the user object that identifies the user and is referenced by the Group Membership Attribute.

    Example: cn, uid, or dn
    ClosedOpenID Connect (OIDC)

    Enter the following details to configure OIDC authentication and authorization:

    Table 39 : OIDC User Auth Fields
    Field Description

    IDP Name

    Identity Provider option:

    • Azure
    • Okta

    Client URL

    The Issuer URI value (saved during the Azure or Okta configuration).

    App Key

    The Client ID value (saved during the Azure or Okta configuration).

    Secret Key

    The Client Secret value (saved during the Azure or Okta configuration).
    ClosedTACACS+

    1. Enter the following details to configure TACACS+ authentication and authorization:

      Table 40 : TACACS+ User Auth Fields
      Field Description

      Host

      A TACACS+ server hostname, FQDN, or IPv4/IPv6 address.

      If you use a Fully Qualified Domain Name (FQDN), ensure DNS servers are configured correctly in A10 Control.

      Port

      The port number used for TACACS+ communication (default port: 49).

      Retries

      (Optional) Number of connection attempts before failure (default: 3).

      Timeout

      (Optional) Time interval in seconds before the request expires (default: 3).

      Shared Secret

      Secret key for secure communication between TACACS+ server and A10 Control.

      Authorization Attribute

      The attribute in the TACACS+ configuration file (/etc/tac_plus.conf) that provides role mapping details.

      For example: A10-Contol-Access-Groups
    2. Click Validate to test the TACACS+ connection.
      1. Enter a TACACS+ server username and password.

      2. Click Validate again to confirm authentication.

        A success message is displayed.

  3. Click Update to save the configuration.

    A floating notification ‘<Authentication Protocol> information updated successfully’ appears.
    The new user auth configuration is now displayed on the User Auth page.

COMPANY INFORMATION: Copyright © 2025 A10 Networks, Inc. All Rights Reserved. Legal Notice