RADIUS authentication

The Vault enables users to log on through RADIUS authentication (Remote Authentication Dial-In User Service) using logon credentials that are stored in the RADIUS server. The Vault also supports RADIUS challenge-response authentication, in which the server sends back a challenge prompting the user for additional logon information, such as additional authentication information contained on external tokens.

Requirements

In order to enable users to authenticate to the EPV with Radius Authentication, you require the following:

Radius Server
Certificate – A Vault certificate to create an initial secured session prior to the RADIUS authentication. This certificate is optional, but recommended.
Radius Secret – A password known to only the RADIUS server and the CyberArk Vault. This password can contain up to 15 characters.

Configure RADIUS Authentication

The Vault enables users to log on through RADIUS authentication (Remote Authentication Dial-In User Service) using logon credentials that are stored in the RADIUS server. The Vault also supports RADIUS challenge-response authentication, in which the server sends back a challenge prompting the user for additional logon information, such as additional authentication information contained on external tokens.

Configure the user account

In the PrivateArk Client, configure the user account to authenticate with RADIUS authentication.

Authenticate through the PVWA

Authenticate through the PrivateArk Client

 
TruePrivileged Access Security11.1