Skip to main content
The main RADIUS workspace combines folders and users in one operational view. You can add users directly at the root, build nested folders for hierarchy, and open detail dashboards for a user or folder as your deployment grows.

Prerequisites

Before you manage users, confirm that:
  • At least one NAS device is registered if you want to test authentication immediately.
  • Groups exist for any reusable access policy you want to assign.
  • Realms exist if usernames should use suffixes such as tim@example.com.
  • You know whether users should live at the root or inside folders.

Folders

Folders are containers for users and nested folders. They are useful when you need to organize users by customer, site, region, department, plan, tenant, or operational ownership. Each folder can have:
  • A name.
  • A description.
  • A priority from 1 to 5, where 1 is highest and 5 is lowest.
  • A pinned state for quick access.
  • Nested folders and users.
The workspace shows folder and user counts, supports pagination, and preserves list state such as page size, page cursor, sort field, sort direction, group filters, and tag filters in the URL.

Create Folders

1

Open the main workspace

Go to /radius in the RADIUS app.
2

Choose Add Folder

Use the add menu to create one folder or add multiple folders at once.
3

Name the folder

Enter a clear name and optional description.
4

Set priority and pinning

Choose a priority and pin the folder if it should stay prominent.
5

Save

The folder appears alongside users in the current workspace location.

Folder Actions

From the folder list, you can:
  • Open a folder to work inside it.
  • Edit the folder name, description, priority, or pinned state.
  • Pin or unpin one or more folders.
  • Change priority for selected folders.
  • Move selected folders to another folder.
  • Merge selected folders.
  • Delete a folder when it is no longer needed.
Deleting or merging folders changes the organizational structure for nested folders and users. Confirm the destination before performing bulk moves or destructive actions.

Users

Users are individual RADIUS identities. A user can live at the root or in a folder, belong to one or more groups, inherit attributes from groups and realms, and carry user-specific attributes and metadata. When creating a user, the form supports:
  • Username.
  • Optional realm suffix through the realm picker.
  • Password or generated password.
  • Display name.
  • Folder assignment.
  • Group membership.
  • Custom check attributes.
  • Custom reply attributes.
  • Metadata.

Create Users

1

Open the target folder

Go to the root workspace or the folder where the user should live.
2

Choose Add User

Use the add menu to create one user or add multiple users.
3

Enter credentials

Enter a username and password. Use the password generator when you want the UI to create a credential.
4

Select a realm when needed

Use the @ selector for realm-backed usernames, or paste a username that already includes a realm.
5

Assign groups

Add groups so the user inherits the intended check and reply attributes.
6

Save and test

Authenticate from a NAS device, then review the user detail page or Live View.

Bulk User Creation

The bulk user workflow lets you add multiple users in one pass. Each row can include a username, password, display name, folder, group assignment, and advanced fields. Use this for first imports, customer onboarding, or batches of temporary accounts. Recommended checks before saving a bulk set:
  • Usernames are unique.
  • Passwords are present or generated.
  • Display names are readable for operators.
  • The folder is correct.
  • The selected groups match the intended policy.
For very large migrations, use the migration workflow instead of building a massive manual batch. The RADIUS backend is designed for streaming, chunked imports so large onboarding jobs can validate shared group and tag data once and process records without loading an entire file into memory.

MAC-Based Users And Auto Registration

Some NAS devices authenticate by MAC address rather than by a human-entered username and password. When the NAS sends a Calling-Station-Id or a MAC-like username, Altostrat can resolve the user by normalized MAC identity. If auto registration is enabled on the NAS, an unknown MAC-based user can be created automatically and assigned to the NAS device’s configured auto-registration group. Use this only for networks where unknown device onboarding is intentional, such as controlled MAC-auth deployments.

User Detail Page

Open a user to review and operate the account. The dashboard includes:
  • Display name and username.
  • Folder link and move-to-folder action.
  • Group membership and group management.
  • Realm link when the username matches a configured realm.
  • Credentials popover for copying username and password.
  • Status controls for active, disabled, suspended, and re-enabled states shown by the UI.
  • Edit, delete, and suspend/enable actions.
  • Time range selection for user metrics.
  • Latest session, active sessions, usage, and monthly activity where data is available.
  • Effective check and reply attributes, including inherited group attributes.
  • User logs with links back to devices.
  • Metadata fields and shortcuts.
If quota features are used in your environment, user dashboards can also show top-up and usage context from the RADIUS data model.

Move Users

You can move a user from the user detail page or select users in the workspace and choose a destination folder. Use moves when operational ownership changes, a customer migrates, or a user was created in the wrong folder.

Status And Access Controls

Use status controls carefully:
  • Active users can authenticate if their credentials and policy are valid.
  • Disabled users are marked inactive in the user form.
  • Suspended users are blocked until re-enabled through the user action menu.
  • Disconnect Session terminates the current active session when session control is available for that user and NAS.

Metadata

Metadata is custom key-value context on the user. The UI treats display_name specially by showing it as the user’s friendly name. The site_id key uses the Altostrat site picker where available. Use metadata for operator context such as customer identifiers, billing references, help desk IDs, or ownership fields. Do not store shared secrets or passwords in metadata.