Local Users

From Edge Threat Management Wiki - Arista
Revision as of 22:38, 7 May 2021 by Bcarmichael (talk | contribs) (→‎Local Users)


Local Users stores a list of users that can be used by the applications. For example, Captive Portal and OpenVPN can use the local directory to authenticate users.

To add new users, click the Add button. You must supply a username, first name, last name, email address, and password. Only the administrator can set the password for a given user. Users can be imported or exported using the import/export buttons on the upper right.

An expiration date can be specified for a user. Once the expiration date has passed, that user will no longer be authenticated.

To use the Local Directory, configure apps such as Captive Portal and OpenVPN to authenticate against the Local Directory while requiring user authentication.

MFA and OpenVPN

You can enable TOTP-based multi-factor authentication for OpenVPN client connections. When adding a user, select Enable MFA for OpenVPN and click Generate new key.

Local Directory User MFA

After generating a key, click the gear icon to show the QR code. Use the generated code in any TOTP mobile app such as Google Authenticator. The TOTP app generates a temporary code that the user enters into their OpenVPN client. Note: You must also enable MFA for client configurations in OpenVPN.

Local Directory User MFA


WARNING: Typically, when passwords are stored, only password hashes are saved and the original cleartext password is discarded, so administrators do not have access to user passwords. However, the passwords for users in the local directory are stored in cleartext because some applications and features (L2TP) depend on access to the cleartext password. Administrators do have access to cleartext user passwords, and caution is advised.