# Install the SecureAuth® Identity Platform RADIUS Server

Install SecureAuth Identity Platform RADIUS server v20.12 or upgrade from SecureAuth IdP RADIUS server v1.0.x - v2.5.x or v19.06 - v20.12.

### Important

Do not install SecureAuth Identity Platform RADIUS server v20.12 on a Windows Domain Controller.

If you are a new customer, for optimum performance, especially for large enterprises, install the SecureAuth RADIUS server separately from the Identity Platform server. If you are upgrading, consider moving SecureAuth RADIUS to its own server. If in doubt, contact SecureAuth Support.

###### Installation

Ensure that SecureAuth IdP version 9.3 or later or SecureAuth Identity Platform version 19.07 or later is installed.

If RADIUS v1.0.x is currently installed, contact SecureAuth Support for detailed instructions.

If RADIUS v2.0.x - v20.06.xx is currently installed, RADIUS v20.12.xx will be installed over the existing installation by default. You cannot select a different installation path.

If you are installing RADIUS for the first time, RADIUS v20.12.xx will be installed in a new folder by default. RADIUS v20.12.xx is installed in C:\Program Files\SecureAuth Corporation\SecureAuth IdP RADIUS Agent. Optionally, you can select a different installation path by completing the following:

1. Export all configurations.

4. Use the SecureAuth RADIUS import tools to import the configuration settings.

3. Click Next > to proceed.

• Create a Desktop icon.

• Create an entry in the Start Menu.

5. Click Next to review settings.

6. Review settings and do one of the following:

• Click Back to make edits.

• Or click Install to begin installing the RADIUS service.

7. After the installation is complete, optionally select the files to start when the wizard closes:

8. Click Finish to close the install wizard.

If either or both files were selected at step 7, the requested files are displayed.

9. Optional: Add the radius.oath.strategy property to the "appliance.radius.properties" file if end users in your organization have multiple devices and you want to let them select which device to authenticate with.

1. Open the "appliance.radius.properties" file, located in the conf folder, with a text editor, such as Notepad:

<RADIUS_installation_directory>\SecureAuth IdP RADIUS Agent\bin\conf

For example: C:\Program Files\SecureAuth Corporation\SecureAuth IdP RADIUS Agent\bin\conf

When end users with multiple devices authenticate, they will see a screen that looks like the following example:

Additionally, SecureAuth RADIUS server supports both HOTP and TOTP in seed and token modes, so end users will see an answer choice of TOTP/HOTP instead of OTP, as shown in the following example image:

10. Optional: Configure the number of Universal Datagram Protocol (UDP) processor threads that SecureAuth RADIUS can use to receive access-request packets.

Add the radius.processorThreads property to the appliance.radius.properties file.

1. Open the "appliance.radius.properties" file, located in the conf folder, with a text editor, such as Notepad:

<RADIUS_installation_directory>\SecureAuth IdP RADIUS Agent\bin\conf

For example: C:\Program Files\SecureAuth Corporation\SecureAuth IdP RADIUS Agent\bin\conf

If a value for radius.processorThreads is not specified, it is set to 50 by default, for best performance.

5. When you lose connection, cancel out of the reconnect dialog. Connect in the Administrator PowerShell screen by adding the PID for the java.exe process. (Find the java.exe PID in the Task Manager "Details" tab.)

jconsole.exe <PID>; for example, jconsole.exe 4648

11. Optional: Configure the SecureAuth Identity Platform time-out value to maximize successful login requests.

1. Open the appliance.radius.properties file, located in the conf folder, with a text editor, such as Notepad:

<RADIUS_installation_directory>\SecureAuth IdP RADIUS Agent\bin\conf

For example: C:\Program Files\SecureAuth Corporation\SecureAuth IdP RADIUS Agent\bin\conf

2. Add the idp.api.timeout property, as shown in the following image.

If a value for idp.api.timeout is not specified, it is set to 50000 by default.

12. Optional: Configure SecureAuth IdP to support special characters for user IDs through the enable.special.characters.for.userid property. This property is true by default, which means special characters are supported. Customers running SecureAuth IdP v9.3+ or SecureAuth Identity Platform v19.07+ do not need to change this setting.

SecureAuth IdP v9.2 customers:

You must disable support for special characters; otherwise, end users who use special characters in their user IDs will not be able to authenticate.

Set the enable.special.characters.for.userid to false because the SecureAuth RADIUS server cannot support special characters for user ID.

1. Open the appliance.radius.properties file, located in the conf folder, with a text editor, such as Notepad:

<RADIUS_installation_directory>\SecureAuth IdP RADIUS Agent\bin\conf

For example:  C:\Program Files\SecureAuth Corporation\SecureAuth IdP RADIUS Agent\bin\confappliance.radius.properties

2. Edit the enable.special.characters.for.userid property, as shown in the following image, and set it to false.