Configure Identity Administration for RADIUS

Support type	Use case	Description
Identity Connector as a RADIUS server	Provide MFA for RADIUS clients, such as VPNs	Integrate Identity Administration with your RADIUS client to provide a second authentication layer for added security. For example, if a VPN concentrator uses RADIUS for authentication, you can configure email as a secondary authentication requirement. A typical work flow is when a RADIUS client (like a VPN server) uses the Identity Connector as a RADIUS server to authenticate an incoming user connection. Depending on the user type, the connector authenticates the credentials either through Active Directory or Identity Administration and returns the authentication result to the RADIUS client. This diagram shows the work flow. See Configure the Identity Connector for use as a RADIUS server for general configuration steps.
Identity Connector as a RADIUS server	Provide only the second authentication factor for RADIUS clients	Keep your existing primary authentication (for example, Active Directory) and configure the Identity Connector as a RADIUS server to provide only the second authentication factor for RADIUS clients that support secondary authentication factors. See Configure the Identity Connector for use as a RADIUS server for general configuration steps.
Identity Connector as a RADIUS client	Provide MFA for Identity Administration using an external RADIUS server	When users attempt to log in to Identity Administration and select an external RADIUS server as a multi-factor authentication (MFA) mechanism, we send the user credentials (username and passcode) to the connector, which validates them against the configured RADIUS server, and returns the result of that validation to Identity Administration. This diagram shows the work flow. See Configure the Identity Connector for use as a RADIUS client for configuration details.

Identity Connector as a RADIUS server

Provide MFA for RADIUS clients, such as VPNs

Integrate Identity Administration with your RADIUS client to provide a second authentication layer for added security. For example, if a VPN concentrator uses RADIUS for authentication, you can configure email as a secondary authentication requirement. A typical work flow is when a RADIUS client (like a VPN server) uses the Identity Connector as a RADIUS server to authenticate an incoming user connection. Depending on the user type, the connector authenticates the credentials either through Active Directory or Identity Administration and returns the authentication result to the RADIUS client. This diagram shows the work flow.

Radius Client

See Configure the Identity Connector for use as a RADIUS server for general configuration steps.

Identity Connector as a RADIUS server

Provide only the second authentication factor for RADIUS clients

Keep your existing primary authentication (for example, Active Directory) and configure the Identity Connector as a RADIUS server to provide only the second authentication factor for RADIUS clients that support secondary authentication factors.

See Configure the Identity Connector for use as a RADIUS server for general configuration steps.

Identity Connector as a RADIUS client

Provide MFA for Identity Administration using an external RADIUS server

When users attempt to log in to Identity Administration and select an external RADIUS server as a multi-factor authentication (MFA) mechanism, we send the user credentials (username and passcode) to the connector, which validates them against the configured RADIUS server, and returns the result of that validation to Identity Administration. This diagram shows the work flow.

Radius server

See Configure the Identity Connector for use as a RADIUS client for configuration details.