If you create more than one realm, you must specify one as the default.
After you create a realm and associate it with an external authentication server, you can either add one or more
communities to the realm or use the preconfigured Default community. If you create and save a realm without
assigning a community to it, AMC automatically assigns the Default community to the realm. See Using the Default Community and also Adding, Editing, Copying, and Deleting Objects in AMC.
In the AMC, navigate to User Access > Realms.
Click + New realm.
The Configure Realm page opens, showing the General settings.
In the Name field, type a meaningful name for the realm. If users are required to select a realm name
when logging in to the VPN, make sure the name clearly describes the user population.
In the Description field, type a descriptive comment about the realm. This is optional, but helpful,
especially if your VPN uses multiple authentication realms.
The text you enter in this field is displayed in
the list of realms.
Enable or disable this realm by selecting the appropriate Status.
See Enabling and Disabling Realms for
If you want this realm to appear in the list seen by your users (recommended in most cases), select the Display this realm checkbox.
From the Authentication server drop-down menu, select the Authentication Server used to verify a user’s identity. You must select a server.
You can also click New to display the Authentication Servers > New Authentication Server page for configuring a new authentication server and referencing it in the realm. For more information, see Configuring Authentication Servers.
If you want to save accounting information about this realm, select the Enable accounting records checkbox. When selected, all RADIUS, syslog, and routing changes are saved.
Click Advanced to display the advanced settings.
Set up the appliance to use a second authentication server and create a customized Acceptable Use
Policy (AUP). There are two ways to set up a second authentication server:
In the Acceptable Use Policy area, select the Users must acknowledge a message before connecting to
this realm checkbox to force users to agree to an Acceptable Use Policy before being allowed to log in to
In the Title field, type in the title of the AUP, up to 50 characters.
In the Message field, type in the AUP message to which the user needs to agree, up to 64,000 characters.
For the Style setting, select one of these radio buttons:
- Use policy (Agree/Disagree) – The use policy agreement is displayed, and the user must click the Agree button to continue connecting. If Disagree is clicked, the session is ended.
- Message (Acknowledge) – The message is displayed, and the user clicks the OK button to
In the Configure CAPTCHA area, check the Enable CAPTCHA checkbox to require WorkPlace users to
enter CAPTCHA characters in addition to a user name and password during login.
The CAPTCHA prompt is
displayed on the WorkPlace login page only if CAPTCHA is enabled here.
CAPTCHAs are effective in preventing these types of attacks by malicious programs on password systems:
- A bot that attempts to log in by guessing the username/password by iterating through a dictionary
of password possibilities.
- A denial-of-service attack from a bot that attempts to lock out user accounts by forcing a
sequence of numerous unsuccessful logins.
This prompt is displayed and CAPTCHA can be enabled only when the captchaCapable option is enabled in the
A CAPTCHA is configured at the realm level across all WorkPlace access methods and all authentication
service configurations (local Auth, LDAP, Active Directory, RADIUS). The CAPTCHA consists of 6
alphanumeric characters that are not case sensitive.
Remember the following when using CAPTCHA:
- In chained authentication mode, CAPTCHA is shown only for the primary authentication
- CAPTCHA cannot be enabled on a realm with token-based or certificate-based authentication. The CAPTCHA configuration section is disabled in these cases.
In the Group authorization area, check the Enable group affinity checking checkbox and select the
server from the Server drop-down menu to perform a group affinity check against an LDAP or Active
To add a new authentication server, click the New button to configure a new server as explained in Configuring Authentication Servers.
You can add user communities to the realm (see Adding Communities to a Realm). If you create and save
a realm without assigning a community to it, AMC automatically assigns the global Default community to
the realm. For more information, see Using the Default Community.
For information on how to edit, copy, and delete communities, see Adding, Editing, Copying, and Deleting Objects in AMC.