External Authentication
Location in GUI:
System » Users and Roles » External Authentication
Diagram
Section titled “Diagram”Classes
Section titled “Classes”system_settings (catalyst_center)
Section titled “system_settings (catalyst_center)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| external_authentication | Class | [external_authentication] | No |
external_authentication (catalyst_center.system_settings)
Section titled “external_authentication (catalyst_center.system_settings)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| enabled | Boolean | true, false | Yes | false |
| aaa_attribute | String | No |
External Authentication controls whether Catalyst Center user login is delegated to external AAA servers and which custom AAA attribute is used to map external users to Catalyst Center roles. This is distinct from Authentication and Policy Servers, which configure the global AAA/ISE servers used for network access and device management. AAA or ISE servers must be configured before external authentication can be enabled. Applicable to both SDA fabric and non-fabric deployments.
Examples
Section titled “Examples”Example-1: Enable external authentication for Catalyst Center user login with a custom AAA attribute for role mapping:
catalyst_center: system_settings: external_authentication: enabled: true aaa_attribute: memberOfExample-2: Enable external authentication using the protocol default AAA attribute (cisco-av-pair for TACACS or Cisco-AVPair for RADIUS):
catalyst_center: system_settings: external_authentication: enabled: true