User authentication

When authentication is configured and a user enters an invalid username and password combination, a message is displayed to indicate that the login was invalid.

If the user attempts to access the system multiple times with invalid information, the user must wait the configured amount of time before they can attempt to access the system again. You can configure console settings to determine the maximum number of failed logins and other related settings.

IBM® QRadar® supports the following authentication types:
  • System authentication - Users are authenticated locally. System authentication is the default authentication type.
  • RADIUS authentication - Users are authenticated by a Remote Authentication Dial-in User Service (RADIUS) server. When a user attempts to log in, QRadar encrypts the password only, and forwards the username and password to the RADIUS server for authentication.
  • TACACS authentication - Users are authenticated by a Terminal Access Controller Access Control System (TACACS) server. When a user attempts to log in, QRadar encrypts the username and password, and forwards this information to the TACACS server for authentication. TACACS authentication uses Cisco Secure ACS Express as a TACACS server. QRadar supports up to Cisco Secure ACS Express 4.3.
  • Microsoft Active Directory (removed in 7.4.2) - Users are authenticated by a Lightweight Directory Access Protocol (LDAP) server that uses Kerberos.
  • LDAP - Users are authenticated by an LDAP server.
  • SAML single sign-on authentication - You can easily integrate QRadar with your corporate identity server to provide single sign-on, and eliminate the need to maintain QRadar local users. Users who are authenticated to your identity server can automatically authenticate to QRadar. They don't need to remember separate passwords or type in credentials every time they access QRadar.
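
The RADIUS entry above says that only the password is encrypted. As an added illustration (not IBM or QRadar code), the Python below builds an Access-Request using the RFC 2865 User-Password hiding and parses it back, assuming PAP is the RADIUS method in use, which this page does not state; all function names and sample values are constructed.

```python
import hashlib
import struct

def _mask(secret: bytes, prev: bytes) -> bytes:
    return hashlib.md5(secret + prev).digest()

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR each 16-byte block with MD5(secret + previous)."""
    if len(authenticator) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("need a 16-byte authenticator and a 1..128 byte password")
    padded = password + b"\x00" * (-len(password) % 16)  # NUL-pad to 16n bytes
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], _mask(secret, prev)))
        out += prev  # each hidden block seeds the next mask
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the RADIUS server does with its copy of the shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(block, _mask(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def build_access_request(ident: int, authenticator: bytes,
                         username: bytes, hidden: bytes) -> bytes:
    """Access-Request (code 1) carrying User-Name (1) and User-Password (2)."""
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v
                     for t, v in ((1, username), (2, hidden)))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def parse_attributes(packet: bytes) -> dict:
    """Return {attribute type: value} exactly as it appears on the wire."""
    (length,) = struct.unpack("!H", packet[2:4])
    attrs, pos = {}, 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs

# Constructed sample values (real Request Authenticators are random per request).
SECRET, AUTH = b"constructed-shared-secret", bytes(range(16))
USER, PASSWORD = b"analyst1", b"Constructed-Passphrase!"
PACKET = build_access_request(7, AUTH, USER, hide_password(PASSWORD, SECRET, AUTH))
```

Parsing `PACKET` returns the User-Name attribute in cleartext, while the User-Password attribute is recoverable only with the shared secret, so the strength of that secret and the network path to the RADIUS server both matter.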

Prerequisite checklist for external authentication providers

Before you can configure an external authentication type, you must complete the following tasks:

  • Configure the authentication server before you configure authentication in QRadar. For more information, see your server documentation.
  • Ensure that the server has the appropriate user accounts and privilege levels to communicate with QRadar. For more information, see your server documentation.
  • Ensure that the time of the authentication server is synchronized with the time of the QRadar server.
  • Ensure that all users have appropriate user accounts and roles to allow authentication with the vendor servers.