Skip to main content

Local Authentication for Access Server VPN Users


Access Server includes a built-in authentication system. You manage your local users from the web-based interface.

Local authentication is the default authentication for current installations of Access Server. With local authentication enabled Access Server stores usernames and password hashes in the user properties database. Local authentication is a simple and portable authentication system. Should you need to move to a new server installation for Access Server, you can copy your configuration to your new installation, keeping the same users and passwords. The simplicity is in the management of users, all done through the Admin Web UI:

  1. Sign in to the Admin Web UI.

  2. Click User Management > User Permissions.

Learn about managing local users here: How to use local user authentication.

With local authentication, you can allow users to change their passwords from the Client Web UI. “Allow password change from CWS” is a setting at the user and group level.

Sign in to the Admin Web UI and make the changes depending on the access control level you want:

  • For a user: Click User Management > User Permissions > More Settings and set “allow password change from CWS” to yes.

  • For a group: Click User Management > Group Permissions > More Settings and set “allow password change from CWS” to yes.

  • At the global level: Click Authentication > Settings and set “allow local users to change password” to yes (default).