What is AAA authentication
Following authentication, a user must gain authorization to perform certain tasks. After logging in to a system, for instance, the user may try to issue commands. The authorization process determines whether the user has the authority to issue such commands. Simply put, authorization is the process of enforcing policies: determining what types or qualities of activities, resources, or services a user is permitted.
AAA (Authentication, Authorization, Accounting) is a standards-based framework used to control who is permitted to use network resources (authentication), what they are authorized to do (authorization), and to capture the actions performed while accessing the network (accounting).
Once the credentials of the user are authenticated, the authorization process determines what that specific user is allowed to do and access within the network. Users are categorized, for example as Administrator or Guest, to determine which operations they are allowed to perform.
The user profiles are configured and controlled from the AAA server. The last process in the AAA mechanism is accounting: a record of everything the user does within the network. AAA servers monitor the resources being used during the network access.
For example, if the system charges users by the hour, the time logs generated by the accounting system can report how long the user was logged in to the router and inside the system, and then charge them accordingly. AAA is a crucial part of network security because it limits who has access to a system and keeps track of their activity. In this way, bad actors can be kept out, and a presumably good actor that abuses their privileges can have their activity tracked, which gives administrators valuable intelligence about their activities.
Network access involves blocking, granting, or limiting access based on the credentials of a user. AAA verifies the identity of a device or user by comparing the information presented or entered against a database of approved credentials. If the information matches, access to the network is granted.
Device administration involves the control of access to sessions, network device consoles, Secure Shell (SSH), and more. This type of access is different from network access because it does not limit who is allowed into the network but rather which devices they can have access to.
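The three AAA stages described above, shown as an added example that is not part of the original page: a toy in-memory AAA server in Python. The user names, the role-to-command policy, the hourly rate and all class and method names are constructed assumptions for illustration.

```python
import hashlib
import hmac
import os

# Constructed policy (assumption): commands each role may issue.
ROLE_COMMANDS = {"Administrator": {"show", "configure", "reload"}, "Guest": {"show"}}

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AAAServer:
    """Toy AAA server: credential database, per-role policy, accounting log."""

    def __init__(self, hourly_rate: float = 2.0):
        self.users = {}       # username -> (salt, password hash, role)
        self.sessions = {}    # username -> login time in seconds
        self.accounting = []  # (time, username, event, detail)
        self.hourly_rate = hourly_rate

    def add_user(self, username, password, role):
        salt = os.urandom(16)
        self.users[username] = (salt, _hash(password, salt), role)

    def authenticate(self, username, password, now):
        """Compare presented credentials against the approved database."""
        # Unknown users get a dummy salt and an empty stored hash, so the same
        # work is done and the comparison below simply fails.
        salt, stored, _ = self.users.get(username, (b"\0" * 16, b"", None))
        ok = hmac.compare_digest(_hash(password, salt), stored)
        self.accounting.append((now, username, "login", "accept" if ok else "reject"))
        if ok:
            self.sessions[username] = now
        return ok

    def authorize(self, username, command, now):
        """Permit a command only for a logged-in user whose role allows it."""
        role = self.users[username][2] if username in self.sessions else None
        verb = (command.split() or [""])[0]
        ok = verb in ROLE_COMMANDS.get(role, set())
        detail = f"{command}:{'permit' if ok else 'deny'}"
        self.accounting.append((now, username, "command", detail))
        return ok

    def logout(self, username, now):
        """Close the session and return the charge for the time logged in."""
        hours = (now - self.sessions.pop(username)) / 3600
        self.accounting.append((now, username, "logout", f"{hours:.2f}h"))
        return round(hours * self.hourly_rate, 2)
```

Every decision, including rejected logins and denied commands, lands in the accounting log, which is what lets an administrator review the activity of an account that abuses its privileges.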