AFA users and roles

Relevant for: AFA Administrators

This section describes the users, roles, permissions, and authentication supported in AFA, and how AFA administrators can manage AFA users and roles.

AFA users and roles provide the basis for authentication across both AFA and FireFlow.

AFA authentication

ASMS supports authentication via an LDAP or RADIUS authentication server, Single Sign On (SSO), or the local AFA database.

Configuring an authentication server or SSO provides additional functionality, such as associating each AFA role with a specific LDAP group. In such cases, users are automatically assigned roles according to their LDAP group membership.

Note: When an authentication server or SSO is configured, user credentials and roles are managed on the external server. In such cases, any changes made directly in AFA are overwritten the next time the user logs in.

For more details, see:

Back to top

AFA user types and permissions

AFA supports the following types of users:


Can perform any task.

For example, in addition to the tasks that non-administrative users can perform, administrators can also:

  • Manage other users
  • Define and edit monitored devices
  • Configure AFA general settings and preferences
  • Schedule AFA analyses.
Non-administrator privileged users Can run analyses, generate reports, view policies and reports, view network map and monitoring changes, and run traffic simulation queries.

Each user is assigned one of the following access levels as part of their default permission profile:

Standard Access Enables users to view existing reports, run traffic simulation queries, initiate new device analyses, and use the customization features such as customizing the topology.
ReadOnly Access Enables users to view existing reports and run traffic simulation queries on these reports.

Prevents users from having any access at all to reports.

This access level is automatically applied to all devices that the user is authorized to view; however, you can override the default access level on a per-device basis. Permissions and access levels can additionally be managed using AFA roles. All users assigned a role inherit the permissions and access levels specified for the role.

For more details, see Manage users and roles in AFA.

Back to top