Authentication methods compatible with Datto appliances

Topic

This article answers frequently asked questions about Datto appliance compatibility with standard authentication methods.

Environment

• Datto SIRIS
• Datto ALTO
• Datto NAS

Description

Can the Datto appliance be configured to use the following types of authentication?

Two-Factor Authentication (MFA): You can add MFA access control to your Datto appliance's GUI.

Note that local GUI access is normally disabled by default, but if need be, you can disable local access via the device's Global Device Settings. When access is disabled, you must use the Datto Partner Portal to access the device GUI.

LDAP: Datto devices can authenticate to an LDAP server in the same way they authenticate to any other type of domain. You can configure LDAP within your network infrastructure.

RADIUS: Appliances in the Datto Networking suite support RADIUS. It is unsupported by SIRIS, ALTO, and DNAS devices.

SSL: Datto appliances running the IRIS 4 (Ubuntu 20.04) software stack support HTTPS and SSL. Because these devices use a self-signed certificate, you may receive a browser warning that the certificate is untrusted when accessing the appliance's GUI via HTTPS. If the device is on a managed switched network with no malicious activity, you can disregard this warning.

PAP and SPAP: Not supported. PAP sends a username and password to the authentication server in plain text and is not secure. Older Unix-based servers with no support for more advanced encryption protocols used this connection method. SPAP uses a reversible encryption mechanism and is also unsecured.

CHAP: Datto appliances use CHAP authentication for iSCSI shares by default.

EAP: This form of authentication is 802.11x-based, and is only applicable to appliances in the Datto Networking suite. SIRIS, ALTO, and DNAS devices do not support EAP.

Certificate services: Not currently supported.