Remote Authentication Dial-In User Service (RADIUS) is an industry standard client/server authentication protocol that enhances security by protecting networks from unauthorized access.
RADIUS based multi-factor authentication for ADSelfService Plus can be configured in just two simple steps.
Step 1: Integrate RADIUS with ADSelfService Plus:
Log in to RADIUS server.
Navigate to clients.conf file.(/etc/raddb/clients.conf)
Add the following snippet in the clients.conf file.
ipaddr = xxx.xx.x.xxx
secret = secretCode
nastype = other
Restart RADIUS server.
Step 2: Configure ADSelfService Plus for RADIUS:
Log in to ADSelfService Plus console using administrator credentials.
Navigate to Configuration -> Self Service -> Multi-Factor Authentication -> Choose Policy -> RADIUS Authentication.
Select Enable RADIUS Authentication option.
Enter the IP address or the name of the RADIUS server.
Enter the port number for RADIUS authentication.
Select the protocol used for RADIUS authentication from the drop-down list.
Provide the security key that was added to the clients.conf file in RADIUS server.
Set the RADIUS user name pattern.
Set a duration for authentication request time-out duration.
Note: Username Pattern is case sensitive. Please make sure you select the exact pattern (uppercase or lowercase) you use in your RADIUS server.
Once configured, users will have to provide their RADIUS passwords, in addition to their domain passwords, to gain access to ADSelfService Plus.