Configuring RADIUS Authentication
Access Manager Plus lets you integrate with the Remote Authentication Dial-In User Service (RADIUS) in your environment and leverage RADIUS authentication for user access. RADIUS is a client/server protocol that allows remote access servers to connect with a database to authenticate users and authorize their access to a system. Once you set up RADIUS-based authentication, it will bypass the local authentication provided by Access Manager Plus. This section explains the two steps involved in integrating RADIUS server with Access Manager Plus:
1. Configuring RADIUS Server
- Navigate to Admin >> Authentication >> RADIUS.
- Click Configure under 1. Configure RADIUS Server.
- In the pop-up that opens, enter the following attributes:
- Server Name/IP Address - enter the host name or IP address of the host where RADIUS server is running
- Server Authentication Port - enter the port used for RADIUS server authentication. By default, RADIUS has been assigned the UDP port 1812 for Authentication
- Server Protocol - select the protocol that is used to authenticate users. Choose from four protocols - Password Authentication Protocol (PAP), Challenge-Handshake Authentication Protocol (CHAP), Microsoft Challenge-Handshake Authentication Protocol (MSCHAP), Version 2 of Microsoft Challenge-Handshake Authentication Protocol (MSCHAP2)
- Authentication Retries - Choose the number of times you wish to retry authentication in the event of an authentication failure
- Server Secret - You have the option to enter the RADIUS server secret either manually in the textbox or you can direct Access Manager Plus to use the secret already stored in the product by choosing the option Use an Account Stored in Access Manager Plus. In that case, you need to select the connection name and account name from the drop-down.
- Click Save.
2. Enabling RADIUS Authentication
After configuring the RADIUS server, the next step is to enable the RADIUS server's authentication mechanism. To enable RADIUS authentication, click Enable RADIUS Authentication in step 2. Once you do this, users would be able to login to Access Manager Plus with their RADIUS credentials.
Note: The users who will be accessing Access Manager Plus using their RADIUS server credentials, will have to be added as users in Access Manager Plus first. When you do so, ensure that the username in Access Manager Plus is exactly the same as the username used for accessing the RADIUS server. Access Manager Plus does not store the password used for RADIUS authentication.