Prerequisites for RADIUS server

If you are a new customer, for optimum performance, especially for large enterprises, install the SecureAuth RADIUS server separately from the Identity Platform server. If in doubt, contact SecureAuth Support.

  • SecureAuth Identity Platform version 9.3 or later

  • Hybrid: Authentication API (v9.3+) configured and enabled on the realm

  • Cloud: Authentication Apps (19.07+) configured and enabled on Identity Platform, plus Authentication API (v9.3+) configured and enabled on the realm

Supported SecureAuth Identity Platform features

See the SecureAuth compatibility guide for product and component compatibility with operating systems, Authenticate app, browsers, Java, data stores, identity types, SSO/post-authentication actions, Login for Windows, Login for Mac, and YubiKey.

SecureAuth Identity Platform features

SecureAuth Identity Platform version

Configuration notes

Adaptive Authentication

v9.3+

Configure threat checking for:

  • User Groups – See Adaptive Authentication for RADIUS responses with user group checking enabled.

  • End user Client IPs – Cisco, NetScaler, and Palo Alto Networks platforms only.

Push-to-Accept

v9.3+

Attribute Mapping

v9.3+

Configure and enable Identity Management API (v9.3+) on the realm to grant or deny end user login access.

Group based authentication – Optionally configure Membership Connection Settings to grant or deny login access:

  • Specify the name of the user group to be granted or denied access, or

  • Designate a Property from Profile Fields to identify the user group to be granted or denied access.

UPN Logon

v9.3+

Multi-Factor Authentication methods

SecureAuth Identity Platform version

SecureAuth Identity Platform v9.3 supported server and required components

Time-based One-Time Passcode (TOTP)

v9.3+*

NetMotion Wireless VPN:

  • PEAP protocol support requirements:

    • Public or private certificate

    • .PFX file

    • Private Key and Private Key Password

  • Microsoft Visual C++ requirements:

NOTE: SecureAuth employees, refer to NetMotion Mobility RADIUS configuration guide.

HMAC-based One-Time Passcode (HOTP)

v9.3+*

SMS (OTP only)

v9.3+*

Phone

v9.3+*

Email (OTP only)

v9.3+*

Passcode OTP (Push Notification)

v9.3+*

Mobile Login Request

v9.3+*

PIN

v9.3+*

Yubico OTP Token

v9.3+*

Symbol-to-Accept (Protect package and higher only)

v9.3+

Fingerprint Recognition (Prevent package only)

v19.07+, using 2019 theme

Face Recognition (Prevent package only)

v19.07+, using 2019 theme

Link-to-Accept (Protect package and higher only)

v19.07.01-25+ and v20.06-2+

* Links to 9.1/9.2 documentation, but information is valid for v9.3+