Adding and Modifying Authentication Methods

As a first step in the service-based processing, Policy Manager uses an authentication method to authenticate the user or device against an authentication source. You can create one or more instances of a default authentication method by assigning a unique name to each one. This customized authentication method can also be associated with a service .

Adding a Customized Authentication Method

To add a customized authentication method:

1. Navigate to Configuration > Authentication > Methods. The Authentication Methods page opens. This page displays the list of authentication methods that Policy Manager provides by default.

Figure 1  Authentication Methods Page

2. Click Add. The Add Authentication Methodpage opens.

Figure 2  Add Authentication Method Page

3. Enter the name and description of the new customized authentication method.

4. From the Type drop-down, select the authentication type.

5. Configure a customized authentication as described in the following supported methods:

Policy Manager supports TLS Transport Layer Security. TLS is a cryptographic protocol that provides communication security over the Internet. TLS encrypts the segments of network connections above the Transport Layer by using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity. 1.3 with the HTTPS Hypertext Transfer Protocol Secure. HTTPS is a variant of the HTTP that adds a layer of security on the data in transit through a secure socket layer or transport layer security protocol connection., EAP Extensible Authentication Protocol. An authentication protocol for wireless networks that extends the methods used by the PPP, a protocol often used when connecting a computer to the Internet. EAP can support multiple authentication mechanisms, such as token cards, smart cards, certificates, one-time passwords, and public key encryption authentication. , EAP-TLS EAP–Transport Layer Security. EAP-TLS is a certificate-based authentication method supporting mutual authentication, integrity-protected ciphersuite negotiation and key exchange between two endpoints. See RFC 5216., and PEAP Protected Extensible Authentication Protocol. PEAP is a type of EAP communication that addresses security issues associated with clear text EAP transmissions by creating a secure channel encrypted and protected by TLS. authentication methods.

Authorize Authentication Method

CHAP Authentication Method

EAP-FAST Authentication Method

EAP-GTC Authentication Method

EAP-MD5 Authentication Method

EAP-MSCHAPv2

EAP-PEAP Authentication Method

EAP-PEAP-Public

EAP-PWD

EAP-TLS

EAP-TTLS

MAC-AUTH Authentication Method

MSCHAP

PAP Authentication Method

TEAP Authentication Method

You can also create a new authentication method based off of an existing method by selecting any method, clicking Copy, and then modifying the copy as described in Modifying an Existing Authentication Method.

Modifying an Existing Authentication Method

To modify an existing authentication method:

1. Navigate to Configuration > Authentication > Methods. The Authentication Methods page opens.

2. Click the authentication method of interest. The Edit Authentication Method page opens.

3. Modify the selected authentication method fields as necessary.

Figure 3  Edit Authentication Method Page for EAP-FAST

4. Click Save.