Trusted access controller

Introduction

The device can direct received user requests to a trusted access controller for identity authentication, and then verify whether the users passing the authentication are authorized to access the requested resources.

vSystem support information

Support of non-default vSystems for this feature depends on the device model. This feature is available on the Web interface only if it is supported.

Configure a trusted access controller

  1. Click the LB tab.

  2. In the navigation pane, select Zero Trust > Trusted Access Controller.

  3. Click Create.

    Figure-1 Trusted access controller page

  4. Configure the trusted access controller parameters.

    Figure-2 Adding a trusted access controller

    Table-1 Trusted access controller configuration items

    Item: Name
    Description: Enter the name of the trusted access controller, which is a case-insensitive string.

    Item: Local service URL
    Description: Enter the local service URL that is used to collaborate with the trusted access controller. The trusted access controller can use the local service URL to notify the device of user offline and user permission change events. The local service URL must be in the format of protocol type://server IP address:port number.
      • The protocol type can be HTTP or HTTPS.
      • The server IP address must be an IPv4 address in the current software version.
      On a device, you cannot configure local service URLs with the same server IP address and port number for different trusted access controllers.
      You cannot specify the same server IP address and port number for both the local and peer service URLs of a trusted access controller.

    Item: Peer service URL
    Description: Enter the peer URL that provides external authentication services. The device can use the peer service URL to perform registration and user permission authorization with the trusted access controller. The peer service URL must be in the format of protocol type://server IP address:port number.
      • The protocol type can be HTTP or HTTPS.
      • The server IP address must be an IPv4 address in the current software version.
      On a device, you cannot configure peer service URLs with the same server IP address and port number for different trusted access controllers.
      You cannot specify the same server IP address and port number for both the local and peer service URLs of a trusted access controller.

    Item: SSL client policy
    Description: Specify the SSL client policy used by the trusted access controller to encrypt traffic exchanged with the device (SSL client).
      You can select an existing SSL client policy or create a new SSL client policy.

    Item: SSL server policy
    Description: Specify the SSL server policy used by the trusted access controller to encrypt traffic exchanged with the device (SSL server).
      You can select an existing SSL server policy or create a new SSL server policy.

    Item: Authentication service function
    Description: Enable or disable the authentication service.

    Item: Description
    Description: Enter the description of the trusted access controller.

  5. Click Apply.

    The trusted access controller will be displayed on the trusted access controller page.

  6. Specify the trusted access controller for a trusted application proxy or trusted API proxy.

    For more information, see the help for trusted application proxy or trusted API proxy.
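
The service URL rules in Table-1 can be checked against a planned set of controllers before anything is entered in the Web interface. The following Python sketch is an added example, not code from the device or its vendor; the controller names, addresses, the 1-65535 port range, the rejection of any path or query, and the cleartext HTTP advisory are assumptions made here.

```python
import ipaddress
from urllib.parse import urlsplit

def parse_service_url(url):
    """Return (scheme, ip, port) if url is protocol://IPv4:port, else raise ValueError."""
    parts = urlsplit(url)  # urlsplit lower-cases the scheme
    if parts.scheme not in ("http", "https"):
        raise ValueError("protocol type must be HTTP or HTTPS")
    try:
        ip = str(ipaddress.IPv4Address(parts.hostname or ""))
    except ipaddress.AddressValueError:
        raise ValueError("server IP address must be an IPv4 address") from None
    port = parts.port  # raises ValueError if not numeric or above 65535
    if not port:
        raise ValueError("port number is missing or zero")  # assumption: 1-65535
    if parts.username or parts.path or parts.query or parts.fragment:
        raise ValueError("only protocol://IP:port is accepted")  # strict reading
    return parts.scheme, ip, port

def check_controllers(controllers):
    """Return a list of findings for the planned controllers (empty list = clean)."""
    findings, seen = [], {"local": {}, "peer": {}}
    for c in controllers:
        name, endpoints = c["name"], {}
        for kind in ("local", "peer"):
            try:
                scheme, ip, port = parse_service_url(c[kind])
            except ValueError as exc:
                findings.append(f"{name}: {kind} service URL invalid: {exc}")
                continue
            endpoints[kind] = (ip, port)
            # Same IP:port must not be reused by another controller's URL of this kind.
            owner = seen[kind].setdefault((ip, port), name)
            if owner != name:
                findings.append(f"{name}: {kind} service URL reuses {ip}:{port} of {owner}")
            if scheme == "http":  # advisory added here, not a device rule
                findings.append(f"{name}: {kind} service URL uses cleartext HTTP")
        # Local and peer URLs of one controller must not share IP:port.
        if "local" in endpoints and endpoints["local"] == endpoints.get("peer"):
            findings.append("{}: local and peer service URLs share {}:{}".format(name, *endpoints["local"]))
    return findings

# Constructed sample plan (documentation address ranges, hypothetical names).
SAMPLE = [
    {"name": "tac-a", "local": "https://192.0.2.10:8443", "peer": "https://198.51.100.5:443"},
    {"name": "tac-b", "local": "https://192.0.2.10:8443", "peer": "http://198.51.100.6:8080"},
    {"name": "tac-c", "local": "https://[2001:db8::1]:8443", "peer": "https://198.51.100.7:443"},
    {"name": "tac-d", "local": "https://192.0.2.11:9443", "peer": "https://192.0.2.11:9443"},
]

if __name__ == "__main__":
    print("\n".join(check_controllers(SAMPLE)))
```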