How can we help?

Best practices for managing credentials in Auvik

Follow

Auvik leverages device credentials for many core functions. To learn the basics on how to add, edit, and delete credentials from Auvik, see the Manage Credentials section. 

Leveraging the same credential across sites

If you intend to use the same credentials for devices across multiple sites you manage with Auvik, add the credentials at the global view level. Once you’ve added the credentials from the global level, they’ll be inherited by any sites and multi-sites below your global level. 

Generally speaking, Auvik recommends that you add credentials for the Cisco API, Datto API, and Meraki API from the global level. If you also leverage a common SNMP community string across sites, or device login credentials across sites, those can be added from the global level as well.

Using SNMP v2c versus SNMP v3

Auvik supports SNMP version 1, 2c, and 3. SNMPv3 is more secure as it implements authorization and encryption protocols, but common practice in network management is to use SNMP v2c. Refer to your company’s security guidelines to determine which SNMP version to use. At minimum, refer to Auvik’s guidelines on credentials to create a more secure SNMP v2c community string. 

Controlling how credentials are applied to devices

To support Auvik’s auto-discovery and ease of use capabilities, Auvik tries using all credentials that have been added to Auvik on all relevant devices until it finds the correct credential. Once Auvik finds the correct credential, that credential (SNMP, Login, WMI, VMware, etc.) is used for all subsequent communication with that specific device. In a scenario where the correct credentials haven’t been added to Auvik, all available credentials will continue to be applied. 

As an Auvik administrator, you may want to restrict which credentials are attempted against each device or device type when adding them into Auvik. To do so, simply add filters to the Devices field as shown in the screenshot below.

Screen_Shot_2020-08-27_at_21.50.38.png

We recommend that you apply filters for login credentials based on device type,, vendor, or IP address. You may also exclude a specific credential from being attempted on a device by using the “not:” filter. It typically isn’t required to apply filters for SNMP, WMI, and VMware credentials. If you do choose to apply filters for these credential types, we recommend using IP address filters or the “not:” filter. 

Leveraging the Matches field

On each Add Login Credentials modal, Auvik displays the number of devices a filter matches below the Devices field. Pay attention to how many devices match the filters you’ve applied using the number displayed below the Devices field. If the number displayed is 0, you’ve likely used the wrong identifiers in the Devices field, and these credentials won’t be used on any devices. Make sure the number is approximately the number of devices you’d expect the credential to work on.

Screen_Shot_2020-08-25_at_21.22.34.png

Was this article helpful?
5 out of 7 found this helpful
Have more questions? Submit a request