Authentication Methods Overview
Paragon Automation can authenticate users by using different authentication methods.
You can use one of the authentication methods that are listed in this topic to log in to the Paragon Automation Web GUI.
Username and Password Authentication
Users can create a Paragon Automation account to access the Paragon Automation Web GUI. Paragon Automation authenticates the identity of users by verifying the login credentials (username and password) entered by the users. This ensures that only users with valid credentials access Paragon Automation. For more information, see User Activation and Login.
Single Sign-On
Paragon Automation can authenticate users by using single sign-on (SSO). SSO simplifies password management for users and administrators through centralized authentication by an identity provider (IdP).
A superuser can configure an IdP on the Organization Settings page and map default roles in Paragon Automation to the IdP user groups. Paragon Automation supports Security Assertion Markup Language (SAML 2.0) for SSO authentication using IdPs and Lightweight Directory Access Protocol (LDAP). The IdP asserts a user's identity and allows the user to access the Web GUI based on the user's role.
To configure SSO in Paragon Automation:
1. Add the IdP to Paragon Automation; see Manage Identity Providers.
2. Map users who log in with IdP account credentials to the predefined roles in Paragon Automation; see Manage Roles.
To sign in using SSO for the first time:
1. The user must enter the SSO URL in a browser.
2. The login screen of the IdP appears.
3. The IdP server authenticates the user based on the configured sign-in method. For example, an approval notification is sent to the user's registered device.
4. After the IdP server successfully authenticates the user, the user is logged in to the Paragon Automation Web GUI. Paragon Automation enforces access control on the user based on the role that the Paragon Automation superuser previously assigned to the IdP user group to which the user belongs.
After a user is successfully authenticated, the user does not need to log in repeatedly to access the Paragon Automation Web GUI. The user remains signed in until the authentication session expires.
RADIUS Authentication and Authorization
In this release, RADIUS authentication and authorization support is limited to configuring RADIUS on new devices onboarded to Paragon Automation and authenticating and authorizing the device during onboarding.
By using RADIUS, you can onboard devices by using credentials of users configured in a RADIUS server.
To use RADIUS, you (superuser) must:
- Install at least one RADIUS server in your network.
- Enable RADIUS authentication in Paragon Automation.
- Configure Paragon Automation to use the RADIUS server.
By default, Paragon Automation uses the credentials of a superuser or network administrator configured in Paragon Automation to authenticate and authorize access to and from a device (also referred to as local authentication).
When you enable RADIUS, Paragon Automation provides a set of outbound SSH commands to configure RADIUS on the device. When the device connects to Paragon Automation during onboarding, Paragon Automation connects with the RADIUS server to verify whether the connection is requested from an authorized device.
To enable and configure a RADIUS server in Paragon Automation, see Manage RADIUS Server Configurations.