Configure application authentication, authorization, and auditing

You can configure Authentication, Authorization, and Auditing (AAA) for the applications that you configure on the appliance. An authentication policy that is configured for an application defines the type of authentication to apply when a user or group attempts to access the application. If external authentication is used, the policy also specifies the external authentication server. Authorization policies configured for an application specify whether a particular user or group can access the application. Auditing policies define the audit log type, the level at which logging is performed, and other audit server settings. Authentication and auditing policies use the classic policy format.

Authentication policies, authorization policies, and auditing policies can be configured in any order. However, before you configure AAA for an application, you must configure a public endpoint for the application.

Configuring authentication for an application involves specifying an authentication FQDN, an authentication virtual server, a server certificate, and authentication and session policies. Authentication policies are automatically bound to the authentication virtual server specified for the application.

To configure authentication for an AppExpert application:

1. Navigate toAppExpert>Applications.
2. In the details pane, do one of the following:
   1. Click Add to add an authentication for a new application.
   2. Click Edit to modify an existing application.
3. In theApplicationspage, select an Application Unit.
4. In theApplication Unitslider page, click Authentication from theAdvanced Settingssection.
5. In theAuthenticationsection, select the authentication type as follows:
   1. Form based authentication
   2. 401 based authentication
   3. None
6. ClickOKand then clickDone.

Configure application authorization

You can configure authorization for users and groups to enable then to access an AppExpert application. If the AAA user or group for which you want to configure permissions has not already been created, you can create it from AppExpert and then configure permissions for application access.

To configure permissions for a AAA user or group to access an AppExpert application:

1. Navigate toAppExpert>Applications.
2. 在详细信息窗格中,单击AppExpert双向视频on for which you want to configure a user or group access.
3. In theApplicationspage, and then click Authorization. from theAdvanced Settingssection.
4. Do one of the following:

   • If the AAA user or group for which you want to configure permissions are already in the Groups/Users tree, drag the user or group from the Groups/Users tree to the Users or Groups node in the application tree. Then, right-click the user or group and click Allow.

   • If the AAA user or group for which you want to configure permissions is not configured on the appliance, in the application tree, right-click Users or Groups, and then click Add. In the Create AAA Group or Create AAA User dialog box, fill in the values, click Create, and then click Close.

     The user or group is created with the permission set to Allow. To change the permission setting, right-click the group or user, and then click the permission setting.

5. ClickDoneand then clickClose.

Configure application auditing

When you configure auditing policies for an application, you must specify the server to which the log messages must be directed, the format of the messages logged, and the log level. Optionally, you can configure other settings, such as the log facility and date format. Auditing policies are automatically bound to all the AppExpert application’s public endpoints.

To configure auditing policies for an application:

1. Navigate toAppExpert>Applications.
2. In the details pane, click the application for which you want to configure auditing policies.
3. In the Application Unit slider page, click + icon in thePoliciessection to configure the auditing policies.
4. In thePoliciesslider page, select policy type as Syslog auditing or Nslog auditing and clickContinue.
5. In the Policy binding section, set the following parameters.

   1. Select a policy for binding. If you do not have a policy for binding. click + to create a new policy.

   2. To create a new auditing policy, under Policy Name, clickNew Policy,and then, in thePolicypage do the following:

      1. In the Name box, type a name for the policy.
      2. The Name box already contains the string that is required at the beginning of the server name. You cannot modify the string.
      3. From the Auditing Type list, select the auditing type (either SYSLOG or NSLOG).
      4. If the audit server you want to specify is already listed in the Server list, select the server from the list, and then, if you want to modify the server settings, click Modify. In the Configure Auditing Server dialog box, modify the settings as appropriate, and then click OK. For more information about the settings in the Configure Auditing Server dialog box, seeAuditing Authenticated Sessions.
      5. If you want to configure a new audit server, click New, and then, in the Create Auditing Server dialog box, type a name for the server, specify the server IP address, port number, and other settings as appropriate. When finished, clickOK.
      6. ClickCreate.

   3. To change the priorities for the new auditing policies you created, under Priority, for each policy for which you want to change the priority, double-click the priority value and type new priority value.

   4. To regenerate priorities, clickRegenerate Priorities.

   5. To unbind a policy, click the policy, and then clickUnbind Policy.

   6. To modify a policy, click the policy, and then clickModify Policy.

6. ClickApply Changes,and then clickClose.

Disabling AAA for an Application

After you configure AAA for an application, you can disable the AAA configuration for that application. When you disable AAA for an application, the configuration is not lost. You can enable AAA for the application when you want to reapply the configuration.

To enable or disable AAA for an application:

1. Navigate toAppExpert>Applications.
2. In the details pane, click the application for which you want to enable or disable AAA, and then do one of the following:
3. To disable AAA for the application, clickTurn Off AAA.
4. To enable AAA for the application, clickTurn On AAA.