TACACS+ authorization
A user who does not have a NetProfiler account logs in by entering the login name and password that are specified on the TACACS+ server. NetProfiler sends this information to the TACACS+ server in an authentication and authorization request.
If the TACACS+ server can authenticate the user’s login name and password, it sends a "request accepted" code back to NetProfiler, along with the authorization attribute value. (For a Restricted user, the restrictions are sent also. more)
The authorization attributes and values must be specified in the Configuration > Account Management > Remote Authentication page TACACS+ tab Role-Attribute Mapping section.
When NetProfiler finds a match between the TACACS+ value of an authorization attribute and the NetProfiler value of the same attribute, it logs the user on to NetProfiler and authorizes the matching user role. If no match is found, then the login attempt fails.
When NetProfiler logs the user on, it automatically creates an account for the user. However, subsequent logins by the TACACS+ user do not create multiple NetProfiler accounts for the user.