Applies to NAM 2018+
This information is essential to installing or upgrading to NAM 2018 or later.
For a successful NAM deployment, you must follow the network configuration instructions here.
- The NAM Console and NAM Server use SAML 2.0 to manage user credentials (all sign-on activity) within your NAM deployment.
- All users accessing the NAM Server (via NAM Server public URL) are automatically redirected to the NAM Console for authorization.
- To be authorized by the NAM Console, all users must have access to both the NAM Server public URL and NAM Console public URL.
Network requirements for NAM Server and NAM Console
When installing the NAM Console and NAM Server, you have to provide public URLs and private addresses:
- Public URLs
Public URLs are required for authorizing users. Users accessing a NAM Server must have access to that NAM Server's public URL and to the NAM Console public URL, because each NAM Server user is transparently redirected to the NAM Console public URL for authentication and then back to the NAM Server public URL.
- Private addresses
Private addresses are used for internal communication between NAM components. All configuration and maintenance communication goes over these private addresses. They do not need to be accessible to users.
- The default port for the NAM Console private address is 4183. The port for the public URL for the NAM Console can be different. If your port for the public NAM Console URL is different from the port for the private NAM Console address, specify the port along with the public URL (for example,
Make sure that all NAM Servers in your deployment are able to communicate with the NAM Console. Otherwise, NAM Server users will not be able to sign in.
Network topology with default configuration
Using the default configuration, there is no external IdP. The NAM Console manages all user authentication, which is why all your NAM Server users need network access to the NAM Console.
Console sign-on without external IdP:
Server sign-on without external IdP:
Authentication details in default configuration:
Network topology with external IdP
Using the external IdP configuration (optional), all user authentication goes through the NAM Console and then to the external IdP. The external IdP manages user authentication, but all your NAM Server users need network access to the NAM Console.
Console sign-on with external IdP:
Server sign-on with external IdP:
Authentication details for external IdP:
More on SSO
- SSO terminology explains a few SSO-related terms.
- Single sign-on (SSO) is an overview of SSO and NAM.
- How user authentication has evolved in NAM explains how user authentication has changed over recent releases.
- Using an external identity provider describes how to integrate NAM with an external service for SSO.
- Service Providers Management lists all NAM Server instances associated with your NAM deployment. Under normal conditions, its functions are all managed automatically.
- SSO metadata is a diagnostics and maintenance tool for SSO. Under normal conditions, its functions are all managed automatically.