About authentication

N-able N-central provides several authentication methods to control user access, but the most secure and scalable path forward is moving to federated authentication with N-able Login (with Microsoft Entra ID).Whether you're setting up for the first time or moving from a legacy configuration, this is your path to enabling Single Sign-On (SSO) and centralized user management through Microsoft Entra ID.

Each authentication method - local user accounts, direct federated login through OIDC, or centralized login through N-able Login, affects how users sign in, how passwords are managed, how Single Sign-On (SSO) is implemented, and how future integrations such as Ecoverse views are supported. Choosing the right authentication method ensures secure access, streamlined user management, and compatibility with modern identity standards like OpenID Connect (OIDC).

The latest N-central capabilities - including Ecoverse features and views such as Asset Views and Vulnerability Management - are only available when using N-able Login.

Discover the paths to move from another authentication method to N-able login.

Learn how to Enroll existing users into N-able Login and view information on transitioning existing N-central Users to N-able Login with Entra ID.

How authentication works in N-central

When a user attempts to log in, N-central checks their credentials against the authentication method currently in use. This may involve:

• Verifying a local username and password stored in N-central

• Redirecting the user to an external identity provider (IdP) like Microsoft Entra ID

• Checking group membership via LDAP/Active Directory

• Prompting for a second factor (like a code or app-based approval) if MFA is enabled

N-central supports the following N-central authentication methods to align with your organization’s identity and security practices:

• Local authentication

• LDAP /Active Directory authentication

• OpenID Connect (OIDC)-based Federated Authentication (SSO)

• N-able Login

• N-able Login federated with Entra ID

Local authentication

Local authentication means that user accounts, passwords, and login policies are managed directly within N-central. This is the simplest and most self-contained option. See About local authentication.

How it works

• Admins create users in the N-central UI

• Passwords are stored and validated by N-central

• MFA can be enabled per user

Suitable for

• Small MSPs or internal IT teams

• Trial or evaluation environments

• Isolated installations not integrated with external identity systems

Considerations

• No centralized user management across platforms

• Requires manual onboarding and offboarding

• Limited to N-central only (not shared across other N-able tools)

• Does not support access to the latest N-central capabilities, including Ecoverse features and views. These are only available with N-able Login.

Active Directory/LDAP authentication

With LDAP or Active Directory integration, N-central connects to your on-premises directory service. Users log in using their Windows domain credentials. See About Active Directory authentication.

How it works

• N-central is configured to communicate with an LDAP server (typically Active Directory).

• User credentials are validated against the domain controller.

• Group membership can control access roles in N-central.

Suitable for

• Organizations using on-prem AD for internal IT identity

• Environments where cloud IdPs are not used

• Businesses with strict internal access policies

Considerations

• Requires internal network access to AD

• No built-in MFA (must be layered through other tools)

• No support for SSO across other N-able products

• Does not support access to the latest N-central capabilities, including Ecoverse features and views. These are only available with N-able Login.

OpenID Connect (OIDC)-based Federated Authentication (SSO)

This method enables Single Sign-On (SSO) by integrating N-central with a third-party Identity Provider (IdP) using OIDC. Users log in via the IdP, not directly into N-central. See Federated authentication.

How it works

• N-central is configured as a Service Provider (SP).

• The IdP (e.g., Legacy Azure AD, OKTA, Ping Identity, ADFS) handles user login.

• The IdP returns an OIDC assertion that N-central validates.

• Access is granted based on OIDC attributes and assigned roles.

Suitable for

• MSPs or enterprises with a modern identity strategy

• Organizations standardizing access via SSO and MFA

• Environments requiring strong compliance or centralized access control

Considerations

• Requires configuration on both N-central and the IdP

• Misconfigurations can lead to login issues

• Complexity increases with multiple tenants or nested roles

• Does not support access to the latest N-central capabilities, including Ecoverse features and views. These are only available with N-able Login.

N-able Login

N-able Login is the N-able unified identity system used to access multiple N-able products (N-central, Passportal, Cove, etc.) and is required to use the latest capabilities, including Ecoverse features and views. It supports centralized authentication, SSO, and MFA out of the box.

How it works

• Users sign in through the N-able Login portal

• Credentials and MFA are managed by N-able

• Role-based access is controlled per product

Suitable for

• MSPs managing multiple N-able tools

• Organizations moving to cloud-first identity

• Customers who want built-in MFA and centralized control

Considerations

• Users must be invited or migrated to N-able Login

• MFA enforcement is per-user, not per-product unless configured centrally

N-able Login federated with Entra ID

This is a federated identity configuration where N-able Login delegates authentication to Microsoft Entra ID. It combines the benefits of N-able Login and enterprise SSO.

How it Works

• N-able Login is configured to trust Microsoft Entra ID as an Identity Provider

• Users initiate login through N-able Login but are redirected to Entra ID

• After signing in with their Microsoft 365 credentials, users are redirected back with a validated token

• MFA and access policies are enforced by Entra ID

Suitable for

• MSPs and enterprises using Microsoft 365 / Entra ID

• Organizations requiring SSO + cross-product identity management

• Businesses enforcing conditional access or Microsoft security baselines

Considerations

• Initial configuration requires coordination between N-able and Entra ID

• May need tenant-level configuration in multi-organizational setups

Discover the paths to move from another authentication method to N-able login.
Learn how to Enroll existing users into N-able Login and view information on migrating existing N-central Users to N-able Login with Entra ID.