For optimum performance in a large organization, consider installing or upgrading SecureAuth RADIUS separately from the Identity Platform server.

If you have any questions, contact SecureAuth Support.

## Installation steps

Before installing SecureAuth RADIUS Server, ensure that you have SecureAuth IdP 9.3 or Identity Platform release 19.07 or later installed.

### Note

Do not install SecureAuth Identity Platform RADIUS server version 20.12 on a Windows Domain Controller.

2. Double-click the SecureAuth-IdP-RADIUS-Server-20.12.13.exe file to start the install wizard.

If you have not already logged in as an administrator, you will be prompted to do so.

3. Click Next to proceed.

4. Select the folder where you want to install the RADIUS Agent.

• Create a Desktop icon.

• Create an entry in the Start Menu.

6. Click Next to review settings.

7. Review settings and do one of the following:

• Click Back to make edits.

• Click Install to begin installing the RADIUS service.

8. After the installation is complete, optionally select the files to start when the wizard closes:

9. Click Finish to close the install wizard.

If either or both files were selected in the previous step, the requested files are displayed.

## Optional configurations

The following steps are optional configurations you can make to customize the SecureAuth RADIUS Server.

### Disable special character support in user IDs (SecureAuth IdP 9.2 only)

Customers running SecureAuth IdP 9.2  must disable support for special characters; otherwise, end users who use special characters in their user IDs will not be able to authenticate.

1. Open the appliance.radius.properties file in a text editor.

This file is located in the conf folder. For example: C:\Program Files\SecureAuth Corporation\SecureAuth IdP RADIUS Agent\bin\conf

2. Set enable.special.characters.for.userid=false, as shown in the following image:

### Display multiple authentication devices

Allow end users to select their authentication device if they have more than one device.

1. Open the appliance.radius.properties file in a text editor.

This file is located in the conf folder. For example: C:\Program Files\SecureAuth Corporation\SecureAuth IdP RADIUS Agent\bin\conf

End user experience

When end users with multiple devices authenticate, the following screen appears:

Additionally, SecureAuth RADIUS server supports both HMAC-based One-Time Password (HOTP) and Time-based One-Time Password (TOTP) in seed and token modes, so the TOTP/HOTP authentication type appears instead of OTP:

### Maximize login requests with timeout value

Maximize successful login requests to the Identity Platform by setting a timeout value.

1. Open the appliance.radius.properties file in a text editor.

This file is located in the conf folder. For example: C:\Program Files\SecureAuth Corporation\SecureAuth IdP RADIUS Agent\bin\conf

2. Add the idp.api.timeout=n property, where n is the timeout value in milliseconds.

For example, idp.api.timeout=50000.

If a value for idp.api.timeout is not specified, it is set to 50000 by default.

### Set the number of UDP processor threads

Set the number of User Datagram Protocol (UDP) processor threads that SecureAuth RADIUS can use to receive access-request packets.

1. Open the appliance.radius.properties file in a text editor.

This file is located in the conf folder. For example: C:\Program Files\SecureAuth Corporation\SecureAuth IdP RADIUS Agent\bin\conf

For example, radius.processorThreads=50.

If a value for radius.processorThreads is not specified, it is set to 50 by default for best performance.

5. Right-click secureAuthRadius and click Restart.

When you lose connection, cancel out of the reconnect dialog.

6. Select the Services tab and copy the PID for the java.exe process.

7. Open PowerShell as an Administrator.

8. Append the PID for the java.exe process to jconsole.exe and run the command.

jconsole.exe <PID>

For example:

jconsole.exe 4648

### Set the PIN length for PIN + OTP authentication

Set the PIN length for your end users for the PIN + OTP authentication workflow.

1. Open the appliance.radius.properties file in a text editor.

This file is located in the conf folder. For example: C:\Program Files\SecureAuth Corporation\SecureAuth IdP RADIUS Agent\bin\conf

2. Add the pin.length = n property, where n is the PIN length. Set a PIN length of up to 18 digits.

For example, pin.length = 8.