Configure RADIUS authentication
You can configure RADIUS authentication to support MFA to Privilege Cloud.
Considerations and preliminary steps
-
To configure RADIUS authentication you will need the assistance of CyberArk Support.
-
Deploy the Secure Tunnel before you configure RADIUS authentication. See Deploy Secure Tunnel.
Prepare your RADIUS server for connecting with Privilege Cloud
In the RADIUS server, define Privilege Cloud as a RADIUS client/agent. For details, refer to your RADIUS server documentation.
Provide information to CyberArk Support
CyberArk Support requires the following information for configuring RADIUS authentication. The following fields are mandatory.
|
Parameter |
Details |
|---|---|
| RADIUS server address and port | The IP address or host name and the port of the RADIUS server. |
|
Host name of the RADIUS client |
The name of the Privilege Cloud server that you defined in the RADIUS server in Prepare your RADIUS server for connecting with Privilege Cloud. |
| RADIUS Secret | A shared secret string between the RADIUS server and Privilege Cloud (can contain up to 255 characters) generated when you prepared the RADIUS server. |
Following RADIUS setup in Secure Tunnel by CyberArk Support
After CyberArk Support have configured the RADIUS interface, RADIUS authentication will commence.
When connecting multiple RADIUS services for High Availability, take note that authentication will fail if the first RADIUS is down. Authentication then moves on to the next RADIUS and will succeed upon reaching an operational RADIUS.
