Skip to main content

Prerequisites for RADIUS server, v20.06

If you are a new customer, for optimum performance, especially for large enterprises, install the SecureAuth RADIUS server separately from the IdP or Identity Platform server. If in doubt, contact SecureAuth Support.

  • SecureAuth IdP version 9.1 or later

  • Hybrid: Authentication API (v9.1+) configured and enabled on the realm

  • Cloud: Authentication Apps (19.07+) configured and enabled on Identity Platform, plus Authentication API (v9.2+) configured and enabled on the realm

  • If you use a load balancer:

    When you use Push-to-Accept, Symbol-to-Accept, or Link-to-Accept MFA methods with SecureAuth RADIUS Server, you must enable session persistence ("sticky sessions") on the load balancer to maintain state with the Identity Platform. SecureAuth RADIUS Server supports cookie-based persistence only.

    You don't need to enable session persistence if RADIUS Server is installed on the Identity Platform server or is targeted directly (not load-balanced).

Supported SecureAuth IdP features

See the SecureAuth compatibility guide for product and component compatibility with operating systems, Authenticate app, browsers, Java, data stores, identity types, SSO/post-authentication actions, Login for Windows, Login for Mac, and YubiKey.

SecureAuth IdP features

SecureAuth IdP version

Configuration notes

Adaptive Authentication

v9.1+

Configure threat checking for:

  • User Groups – See Adaptive Authentication for RADIUS responses with user group checking enabled.

  • End user Client IPs – Cisco, NetScaler, and Palo Alto Networks platforms only.

Push-to-Accept

v9.1+

Attribute Mapping

v9.1+

Configure and enable Identity Management API (v9.1+) on the realm to grant / deny end user login access.

Group based authentication – Optionally configure Membership Connection Settings to grant / deny login access:

  • Specify the name of the user group to be granted / denied access, or

  • Designate a Property from Profile Fields to identify the user group to be granted / denied access.

UPN Logon

v9.1+

Multi-Factor Authentication methods

SecureAuth IdP version

SecureAuth IdP v9.x supported server and required components

Time-based One-Time Passcode (TOTP)

v9.1+

NetMotion Wireless VPN:

  • PEAP protocol support requirements:

    • Public or private certificate

    • .PFX file

    • Private Key and Private Key Password

  • Microsoft Visual C++ requirements:

    • x64 version of Redistributable for Visual Studio 2012 Update 4installed on the Windows server on which SecureAuth IdP RADIUS server is deployed

NOTE: SecureAuth employees, refer to NetMotion Mobility RADIUS configuration guide.

HMAC-based One-Time Passcode (HOTP)

v9.1+

SMS (OTP only)

v9.1+

Phone

v9.1+

Email (OTP only)

v9.1+

Passcode OTP (Push Notification)

v9.1+

Mobile Login Request

v9.1+

PIN

v9.1+

Yubico OTP Token

v9.2+

Symbol-to-Accept (Protect package and higher only)

v9.3+

Fingerprint Recognition (Prevent package only)

v19.07+, using 2019 theme

Face Recognition (Prevent package only)

v19.07+, using 2019 theme

In this section: