Skip to main content

Local Authentication for Access Server VPN Users

Abstract

Access Server includes a built-in authentication system. You manage your local users from the web-based interface.

Local authentication is the default authentication for current installations of Access Server. When you use local authentication for user accounts, Access Server stores usernames and password hashes in the user properties database. Local authentication is a simple and portable authentication system. Should you need to move to a new server installation for Access Server, you can copy your configuration to your new installation, keeping the same users and passwords. The simplicity is in the management of users, all done through the Admin Web UI:

  1. Sign in to the Admin Web UI.

  2. Click User Management > User Permissions.

How to use local user authentication

Use these resources for more on local user authentication:

How to create user groups

Access Server provides access control levels at the user, group, and global levels. Creating groups allows you to manage local users with group-specific settings:

Add extra security with MFA

Access Server has built-in support for adding multi-factor authentication (MFA) for local users with a TOTP MFA app. Find more information here:

With local authentication, you can allow users to change their passwords from the Client Web UI. “Allow password change from CWS” is a setting at the user and group level.

Sign in to the Admin Web UI and make the changes depending on the access control level you want:

  • For a user: Click User Management > User Permissions > More Settings and set “allow password change from CWS” to yes.

  • For a group: Click User Management > Group Permissions > More Settings and set “allow password change from CWS” to yes.

  • At the global level: Click Authentication > Settings and set “allow local users to change password” to yes (default).