Configure AAA settings to control authentication, authorization, and accounting policies for user access and session management in Crosswork Network Controller.
Users with relevant AAA permissions can configure the AAA settings.
Configure these settings when you need to establish or update how users are authenticated, what resources they can access, and how their activities are tracked. Proper AAA settings help safeguard network resources and ensure compliance with organizational access policies.
Before you begin
-
Ensure you have administrator permissions or equivalent AAA configuration rights.
-
Review your organization's authentication and password policy requirements.
-
Gather information about external authentication servers (if applicable).
-
Notify affected users of possible session interruptions during configuration changes.
Procedure
| 1. | From the main menu, choose . |
|
| 2. | Select the relevant setting for Fallback to local. By default, Crosswork Network Controller prefers external authentication servers over local database authentication.
|
|
| 3. | Under Browser session timeout, select the relevant value for the Log out inactive users after field. Any user who remains idle beyond the specified limit will be automatically logged out. This timeout is enforced by the system and applies even if the user closes the browser tab without explicitly logging out. If no activity (token usage) is detected after the tab is closed, the session expires after the configured timeout. For example, with a 10-minute timeout, if a user closes the browser tab after 5 minutes of activity, the user must log in again if they return after 10 minutes.
|
|
| 4. | Under Parallel session, enter relevant values for the Number of parallel sessions and Number of parallel sessions per user fields.
|
|
| 5. | Under Source IP, enable auditing of user source IP addresses. |
|
| 6. | Select the relevant settings for the Local password policy. Certain password settings are enabled by default and cannot be disabled (for example, Change password on first login).
|