Directory servers for external user authentication

Storing the user information and authenticating the users are two separate concepts with separate options

You can use the same server for storing and authenticating the users, such as when you use a Microsoft Active Directory server or an LDAP server for both tasks.

To define different IPv4 Access rules for different users and user groups with external authentication, you must integrate an external directory server with the SMC.

It is also possible to use an external authentication server without integration of an external directory server. In this configuration, the user information is not available to the firewall. You cannot add different IPv4 Access rules for different users and user groups. Instead, you add the user *external* with the external authentication methods into the internal user database, and use it to define IPv4 Access rules for authentication.