Skip to main content
Realms let you apply policy from the username itself. When a user authenticates with a username such as tim@example.com, the RADIUS UI can match example.com and apply the groups attached to that realm.

Prerequisites

Before you create a realm, confirm that:
  • You know the realm suffix users will authenticate with.
  • The groups you want to apply already exist.
  • The NAS sends usernames in the expected format.
  • You have a test user that can authenticate with the realm suffix.

How Realms Work

A realm is a normalized suffix. The form strips a leading @, removes whitespace, lowercases the value, and accepts letters, numbers, dots, and hyphens. Examples:
  • example.com
  • staff.example.com
  • reseller-1.example.com
When users authenticate with matching usernames, the realm groups are applied automatically. The realm detail page shows assigned groups and metadata, and the user detail page links back to the matching realm when one is detected.

Create A Realm

1

Open Realms

In the RADIUS app, open Settings and select Realms.
2

Add the realm

Enter the suffix, such as example.com. The UI displays the realm with an @ prefix.
3

Add a description

Use the description to explain who owns the realm or why it exists.
4

Assign groups

Select the groups that should apply to matching users.
5

Save and test

Authenticate with a username that includes the realm suffix, then review the user detail page and Live View.

Assign Groups To A Realm

Realm groups are applied automatically to matching users. Use them for policy that belongs to a domain, tenant, partner, or customer namespace rather than to a single user. Good realm group examples:
  • Default access policy for a customer domain.
  • Common vendor attributes for a partner-managed network.
  • Shared quota behavior for a tenant.
  • Standard reply attributes for a staff realm.

User Creation With Realms

When adding a user, the username field includes an @ realm picker. You can select an existing realm or paste a username that already contains a realm suffix. The UI keeps the local username and selected realm aligned. If you create a user without selecting a realm, the user can still belong to groups directly. Realms are only needed when suffix-based policy should apply.

Edit Or Delete A Realm

From the realm detail page, you can:
  • Edit the realm name and description.
  • Add or remove groups.
  • Update metadata.
  • Delete the realm.
Deleting a realm stops matching users from automatically inheriting that realm’s group attributes. Users can still retain directly assigned groups.

Troubleshooting Realm Matches

If realm groups are not appearing where you expect:
  • Confirm the username includes the suffix.
  • Confirm the realm value is normalized without a leading @.
  • Confirm the NAS is not rewriting usernames before sending them.
  • Confirm the realm has groups assigned.
  • Open the user detail page and check whether the realm badge links to the expected realm.