Configure Identity Administration for RADIUS
Identity Administration supports RADIUS in the following ways.
Support type |
Use case |
Description |
---|---|---|
Identity Connector as a RADIUS server | Provide MFA for RADIUS clients, such as VPNs |
Integrate Identity Administration with your RADIUS client to provide a second authentication layer for added security. For example, if a VPN concentrator uses RADIUS for authentication, you can configure email as a secondary authentication requirement. A typical work flow is when a RADIUS client (like a VPN server) uses the Identity Connector as a RADIUS server to authenticate an incoming user connection. Depending on the user type, the connector authenticates the credentials either through Active Directory or Identity Administration and returns the authentication result to the RADIUS client. This diagram shows the work flow.
See Configure the Identity Connector for use as a RADIUS server for general configuration steps. |
Identity Connector as a RADIUS server |
Provide only the second authentication factor for RADIUS clients |
Keep your existing primary authentication (for example, Active Directory) and configure the Identity Connector as a RADIUS server to provide only the second authentication factor for RADIUS clients that support secondary authentication factors.
See Configure the Identity Connector for use as a RADIUS server for general configuration steps. |
Identity Connector as a RADIUS client | Provide MFA for Identity Administration using an external RADIUS server |
When users attempt to log in to Identity Administration and select an external RADIUS server as a multi-factor authentication (MFA) mechanism, we send the user credentials (username and passcode) to the connector, which validates them against the configured RADIUS server, and returns the result of that validation to Identity Administration. This diagram shows the work flow.
See Configure the Identity Connector for use as a RADIUS client for configuration details. |