The default security method for processing authentication requests. The realm allows the protected resources on the associated server to be partitioned into a set of protection spaces, each with its own authentication authorization database. The methods can be:

- Local - Uses the local username or password database for authentication.

- RADIUS - Uses the global pool of RADIUS servers for authentication.

- TACACS+ - Uses the global pool of TACACS+ servers for authentication.

- LDAP - Uses the global pool of LDAP servers for authentication.

- RSA - Uses the global pool of RSA servers for authentication.

- SAML - Uses the SAML server for authentication.

The default realm is Local, but can be changed.

Note: If LDAP, RADIUS, or TACACS+ is specified as the default security method and the associated provider group specified in this dialog is not available to provide authentication during a user login, fallback local authentication is not executed by the APIC server unless is specifically configured to do so.


Log into the Cisco APIC Web Console:
Navigate to 'Admin' -> 'AAA' -> 'Authentication'

In the 'Default Authentication' section ensure 'Realm' is not set to 'Local'

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Cisco_ACI.