Avi CLI Access to a SAML-Authenticated Avi Controller


Avi Vantage supports single sign-on (SSO) to the Avi Controller’s UI using Security Assertion Markup Language (SAML). However, during debugging or even normal day-to-day operations, there is often a need to access the Avi Controller’s CLI using SSH. SAML credentials cannot be used to login to the CLI.

To access the Avi Controller via SSH, a registered user must have a valid token. Once a token has been created, one can initiate an SSH connection to the Controller using cli as the SSH user. A CLI shell will be created. Once the shell has been created, a login prompt will be presented. Provide the required username and the token as the password.

Generate the Authorization Token

  1. Login to the Avi UI.
  2. Click on the three dots in the dashboard.

    Generate Token

  3. Click on Generate Token.

    Generate Token
    A pop-up screen appears as shown below:

    Generate Token

  4. Enter the Lifetime for the token’s validity in hours.

    Generate Token

    • To generate a single use token, enter 0.
    • The maximum value that can be entered in this field is 87600 hours.
    • In case another token is generated before the first one expires, the first token still remains valid.
  5. Click on Generate. The token is generated and displayed as shown below:

    Generate Token

  6. Copy the token to be used for CLI/SSH access.

Access the CLI Using the Token

  1. Open an SSH or Putty session to cli@.saas.avinetworks.com</code>.
  2. Login with your username.
  3. Paste the token that was generated using the CLI as the Password.

    You have now successfully logged into your Controller using your account or Service Account.