Top

Integrating RADIUS server and leveraging RADIUS authentication

You can integrate Key Manager Plus and RADIUS server in your environment and also leverage the RADIUS authentication for user access bypassing the local authentication provided by KMP. This section explains the configurations involved in integrating RADIUS server with KMP.

Step-1: Providing basic details about RADIUS server

To integrate RADIUS server with Key Manager Plus, provide the following basic details about RADIUS server and the credentials to establish connection.

  1. Navigate to Settings → RADIUS
  2. In the RADIUS server page that appears, provide the following details
  3. Server Name/IP Address - Enter the host name or IP address of the host where the RADIUS server is running
  4. Server Authentication Port - Enter the port used for RADIUS server authentication. By default, RADIUS has been assigned the UDP port 1812 for RADIUS authentication
  5. Server Protocol- Select the protocol that is used to authenticate users. Choose from the following four protocols:
    • Password Authentication Protocol (PAP)
    • Challenge-Handshake Authentication Protocol (CHAP)
    • Microsoft Challenge-Handshake Authentication Protocol (MSCHAP)
    • Version 2 of Microsoft Challenge-Handshake Authentication Protocol (MSCHAP2)
  6. Authentication retries - Select the number of times you wish to retry authentication in the event of an authentication failure
  7. Server secret - Enter a server secret, which you would have to provide every time you want to integrate RADIUS server with Key Manager Plus
  8. After providing the required details, click Save

Step-2: RADIUS user addition:

After integrating the RADIUS server with Key Manager Plus, you should manually add RADIUS users to KMP in order to enable them access to Key Manager Plus.

To add RADIUS users,

Step-3: User authentication:

Once RADIUS users are added to Key Manager Plus, they can user their RADIUS credentials to leverage access to KMP. Choose the Radius Authentication option at the login page, provide your RADIUS credentials and click login.

Also, KMP provides an option for the RADIUS users to login independently using the local authentication option provided. With local authentication, users should specify user credentials provided to them by administrators. Users can choose between the two authentication at the time of login as shown below: