What is AAA authentication, authorization, and accounting?
Let me walk you through AAA, because when you’re managing access to a network, you need to make sure every user is verified, permitted, and monitored properly. AAA stands for Authentication, Authorization, and Accounting. These three steps work together to secure the network, and you use them all the time whether you realize it or not.
Here’s how AAA works step by step:
| Function | What It Does | What You Do |
|---|---|---|
| Authentication | Verifies the identity of the user or device trying to access the network. | You provide your credentials—like a username and password—and the system checks if they match stored records. |
| Authorization | Determines what actions or resources the authenticated user is allowed to access. | After you’re authenticated, your access rights are checked based on your role or assigned permissions. |
| Accounting | Tracks your activity on the network, including session time, accessed resources, and data usage. | Everything you do—like which files you open or how long you’re connected—is recorded for auditing and monitoring. |
Now let’s break that down more naturally so you understand how you use each part:
Authentication:
This is always the first thing that happens when you try to connect. You identify yourself—usually with a username and password. The system checks these details against a database. If they match, you’re in. If not, access is denied. So every time you log in to a secure system, you’re using authentication whether you notice it or not.
Authorization:
Getting in doesn’t mean you get access to everything. Once you’re authenticated, authorization kicks in to check what you’re actually allowed to do. Maybe you can read certain files but not modify them, or maybe you can access only a specific section of the system. This is based on your role or your group, and the system uses this to enforce the rules.
Accounting:
After you’re inside and doing things, accounting keeps a record. It logs your login time, what you accessed, how long you stayed, and how much data you used. You might not see this happening, but it’s always running in the background. It helps admins like you with audits, billing, troubleshooting, and spotting anything unusual.
When you use AAA in a network, you’re not just controlling who gets in—you’re controlling what they can do and watching what they actually do. That’s how you build both security and accountability into your systems.