12.8.4. Configuring authentication profiles

You configure auth profiles at the users auth-profile level.

To create an auth profile, use the following command:

Admin@UGOS# create users auth-profile

Provide the following parameters:




Profile name.


Profile description.


Specify the multifactor authentication profile (if it is required). An MFA profile you specify must be already created. For more details about creating MFA profiles using CLI, see Configuring MFA (multifactor authentication) profiles.


Idle time before disconnection (in seconds). After the specified time without activity the user's status will change to Unknown user.


Authorized user time-to-live (in seconds). After the specified time the user's status will change to Unknown user and they will have to authorize again on the Captive portal.


Max authorization failures through the Captive portal allowed before the user account is locked.


Time (in seconds) for which the user account is locked if the specified number of max failures is reached.


Authentication method:

  • local-user-auth: authentication using the local user database.

  • policy-accept: no authentication is required, but the user must agree to the network usage policy before accessing the Internet. This is used with the Captive portal profile which uses the Captive portal policy authorization page.

  • http-basic: authentication using the HTTP Basic method.

  • ldap: authentication using an LDAP connector.

  • radius: authentication using a RADIUS server.

  • tacacs: authentication using a TACACS+ server.

  • ntlm: authentication using an NTLM server.

  • saml-idp: authentication using an SAML IDP server.

To update an auth profile settings, use the following command:

Admin@UGOS# set users auth-profile <auth-profile-name>

The list of parameters available to update is the same as for the create command.

You can use the command line interface to delete an entire profile or individual authentication methods specified in a profile. To do this, use the following commands.

To delete an authentication profile:

Admin@UGOS# delete users auth-profile <auth-profile-name>

To delete authentication methods configured in a profile, you need to specify an authentication method (available methods are listed in the table above):

Admin@UGOS# delete users auth-profile <auth-profile-name> auth-method