This information applies when an authentication method that relies on an authentication server is configured either for the OnBoard appliance or for a connected device. If the administrator of an authentication server configures users as members of groups as described in this section, the users do not need accounts configured on the OnBoard appliance.
For example, if user johnb is defined as a member of the admin group on a TACACS+ server, johnb can log into the OnBoard appliance as an administrative user when TACACS+ authentication is configured for the appliance, even though no user account is configured for johnb on the OnBoard appliance.
To support the use of groups with the authentication methods that support groups, the administrator must configure local groups on the OnBoard appliance using the same group names used on the authentication servers, using the Web Manager or the cycli utility.