This article answers frequently asked questions about Datto appliance compatibility with standard authentication methods.
- Datto SIRIS
- Datto ALTO
- Datto NAS
Can the Datto appliance be configured to use the following types of authentication?
Two-Factor Authentication (2FA): You can add 2FA access control to your Datto appliance's GUI by disabling local access via its Global Device Settings. Disabling access requires device operators to use the Datto Partner Portal to access the device GUI.
LDAP: Datto devices can authenticate to an LDAP server in the same way they authenticate to any other type of domain. You can configure LDAP within your network infrastructure.
RADIUS: Appliances in the Datto Networking suite support RADIUS. It is unsupported by SIRIS, ALTO, and DNAS devices.
SSL: Datto appliances running the IRIS 3 (Ubuntu 16.04) software stack support HTTPS and SSL. Because these devices use a self-signed certificate, you may receive a browser warning that the certificate is untrusted when accessing the appliance's GUI via HTTPS. If the device is on a managed switched network with no malicious activity, you can disregard this warning.
To enable HTTPS on a Datto appliance, access the device's GUI and navigate to Configure → Device Settings → HTTPS → Enable HTTPS. The device will generate a self-signed certificate which will negotiate a bidirectionally tunneled authentication mechanism. The exchange includes SSL.
PAP and SPAP: Not supported. PAP sends a username and password to the authentication server in plain text and is not secure. Older Unix-based servers with no support for more advanced encryption protocols used this connection method. SPAP uses a reversible encryption mechanism and is also unsecured.
CHAP: Datto appliances use CHAP authentication for iSCSI shares by default.
EAP: This form of authentication is 802.11x-based, and is only applicable to appliances in the Datto Networking suite. SIRIS, ALTO, and DNAS devices do not support EAP.
Certificate services: Not currently supported.