Realms

What are Realms?

Realms define a Sonatype Nexus Repository user's authentication source (e.g., Local Authentication, LDAP Realm, etc.).

Configuring Realms

Note

To manage realms, you must have the nx-all or nx-settings privilege.

Your Sonatype Nexus Repository instance is likely to use multiple security realms, so it is important to configure the order in which realms are used when granting access. You can manage your active realms under Administration → Security → Realms as shown in the image below.

Realms list

Here, you can activate and prioritize security realms by adding them to the Active list in the right-hand column and then moving them higher or lower on the list using the up and down arrows available next to each active realm. Select the Save button to save any changes.

The order of your active realms determines which authentication realm is given priority for granting a user access in the event of a name clash between authentication realms.

Warning

Do not remove all realms from the Active section. Doing so prevents access to Sonatype Nexus Repository for any user, including administrators.

Available Realms

The table below provides details about each available security realm in Sonatype Nexus Repository.

Realms

Details

Cargo Bearer Token Realm (Pro-Only)

This realm is required for using Cargo tokens for authentication when publishing crates to a Cargo repository. See our Cargo help documentation for details.

Conan Bearer Token Realm

This realm is required for uploading to Conan repositories and produces tokens in response to the conan user command; see Conan's documentation.

Crowd Realm (Pro-Only)

This realm identifies external configuration in an Atlassian Crowd system. Details are documented in Atlassian Crowd Support.

Default Role Realm

This realm will append the configured role to all users when they are authenticated; see the Default Role page.

Docker Bearer Token Realm

This realm is required to access Docker repositories through a Docker client or other container image manager (e.g., Docker Desktop, Docker Engine, Podman, etc.). It is also required in order to allow anonymous pull access to Docker repositories. See the Docker Authentication help topic for more information.

LDAP Realm

This realm identifies external storage in an LDAP system (e.g., Microsoft Active Directory, ApacheDS, OpenLDAP, etc.). See the LDAP help topic for more information.

Local Authenticating Realm

This is a built-in realm and is used by default. It allows Sonatype Nexus Repository to manage security setup without additional external systems.

Note

Sonatype recommends keeping the Local Authenticating realm at the top of the active list. In the event of system recovery, restoration may be more difficult if you have it lower in the order or removed.

npm Bearer Token Realm

This realm permits users with previously generated bearer tokens to publish npm packages. It also allows users to establish authentication to a repository with the npm adduser command (npm login is an equivalent alias). See the npm Security help topic for more information.

NuGet API-Key Realm

This realm is required for deployments to NuGet repositories as documented in the NuGet Repositories help topic.

Rut Auth Realm

This realm allows you to use any external security system that passes along user details via HTTP headers for requests to Sonatype Nexus Repository. See the Authentication via Remote User Token help topic for details.

SAML Realm PRO

This realm uses an external Identity Provider (IdP) to handle authentication. See the SAML help topic for more information.

User Token Realm PRO

This realm allows you to use user tokens as a method for authentication that would normally require passing your username and password in plain text. See the Security Setup with User Tokens help topic for details on user tokens.
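
Added example (not Sonatype's code): a Python check that audits an ordered Active list against the guidance on this page (never empty, Local Authenticating Realm at the top) and reports which realm takes priority for usernames that exist in more than one active realm. Realm names are the display names from the table above; the function names and the sample user sets are constructed for illustration.

```python
LOCAL = "Local Authenticating Realm"
# Display names of the realms listed in the table on this page.
KNOWN_REALMS = {
    "Cargo Bearer Token Realm", "Conan Bearer Token Realm", "Crowd Realm",
    "Default Role Realm", "Docker Bearer Token Realm", "LDAP Realm", LOCAL,
    "npm Bearer Token Realm", "NuGet API-Key Realm", "Rut Auth Realm",
    "SAML Realm", "User Token Realm",
}


def audit_active_realms(active):
    """Return (severity, message) findings for an ordered Active list."""
    if not active:
        return [("error", "Active list is empty: no user, including "
                          "administrators, can access the instance")]
    findings = []
    if LOCAL not in active:
        findings.append(("warning", f"{LOCAL} is not active: restoration "
                                    "during system recovery may be harder"))
    elif active[0] != LOCAL:
        pos = active.index(LOCAL) + 1
        findings.append(("warning", f"{LOCAL} is at position {pos}, not at the top"))
    for name in active:
        if name not in KNOWN_REALMS:
            findings.append(("warning", f"unrecognised realm name: {name!r}"))
    return findings


def clash_priority(active, users_by_realm):
    """Map each username found in two or more active realms to the realm
    that is given priority, i.e. the one highest in the Active list."""
    owners = {}
    for realm in active:  # iterate in priority order
        for user in users_by_realm.get(realm, ()):
            owners.setdefault(user, []).append(realm)
    return {user: realms[0] for user, realms in owners.items() if len(realms) > 1}


if __name__ == "__main__":
    # Constructed sample: LDAP placed above the local realm, "admin" in both.
    active = ["LDAP Realm", LOCAL, "Docker Bearer Token Realm"]
    users = {"LDAP Realm": {"admin", "jdoe"}, LOCAL: {"admin", "svc-ci"}}
    for severity, message in audit_active_realms(active):
        print(f"{severity}: {message}")
    print(clash_priority(active, users))
```

With the constructed sample, the audit warns that the local realm is second in the list, and the clash report shows that the LDAP entry for "admin" is given priority over the local account of the same name.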