You can prioritize local, RADIUS, and TACACS+ authentication methods for the system and set the authorization policy and default user for RADIUS and TACACS+ authorization systems in the General Settings page.

For details about general security settings, see the SteelHead User Guide.

These configuration options are available;

Specifies an authentication method from the drop-down list. The methods are listed in the order in that they occur. If authorization fails on the first method, the next method is attempted, and so forth, until all the methods have been attempted.

For RADIUS/TACACS+, fallback only when servers are unavailable Select this check box to prevent local login if the RADIUS or TACACS+ server denies access, but allow local login if the RADIUS or TACACS+ server isn’t available.

When checked, indicates fallback to a RADIUS or TACACS+ server only when all of the other servers haven’t responded. This is the default setting.

When this feature is disabled, the appliance doesn’t fall back to the RADIUS or TACACS+ servers. If it exhausts the other servers and doesn’t get a response, it returns a server failure.

Creates a safety account so that admin/sys admin users can log in to the SCC even if remote authentication servers are unreachable. A safety account increases security and conforms to Defense Information Systems Agency (DISA) requirements.

Only the selected safety account will be allowed to login in cases where the AAA server isn’t reachable. (Only one user can be assigned to the safety account.)

You can create a system administrator user in the Administrator > Security: User Permissions page.

Specifies the user account from the drop-down list. The default is admin.

Specifies Remote First, Remote Only, or Local only.