Configure CyberArk Identity for RADIUS

CyberArk Identity supports RADIUS in the following ways.

Support type

Use case

Description

CyberArk Identity Connector as a RADIUS server Provide MFA for RADIUS clients, such as VPNs

Integrate CyberArk Identity with your RADIUS client to provide a second authentication layer for added security. For example, if a VPN concentrator uses RADIUS for authentication, you can configure email as a secondary authentication requirement. A typical work flow is when a RADIUS client (like a VPN server) uses the CyberArk Identity Connector as a RADIUS server to authenticate an incoming user connection. Depending on the user type, the connector authenticates the credentials either through Active Directory or CyberArk Identity and returns the authentication result to the RADIUS client. This diagram shows the work flow.

Radius Client

See Configure the CyberArk Identity Connector for use as a RADIUS server for general configuration steps.

CyberArk Identity Connector as a RADIUS server

Provide only the second authentication factor for RADIUS clients

Keep your existing primary authentication (for example, Active Directory) and configure the CyberArk Identity Connector as a RADIUS server to provide only the second authentication factor for RADIUS clients that support secondary authentication factors.

See Configure the CyberArk Identity Connector for use as a RADIUS server for general configuration steps.

CyberArk Identity Connector as a RADIUS client Provide MFA for CyberArk Identity using an external RADIUS server

When users attempt to log in to CyberArk Identity and selects an external RADIUS server as a multi-factor authentication (MFA) mechanism, we send the user credentials (username and passcode) to the connector, which validates them against the configured RADIUS server, and returns the result of that validation to CyberArk Identity. This diagram shows the work flow.

Radius server

See Configure the CyberArk Identity Connector for use as a RADIUS client for configuration details.