|SecureAuth IdP features||SecureAuth IdP version||Configuration notes|
Configure threat checking for:
Configure and enable Identity Management API (v9.1+) on the realm to grant / deny end-user logon access.
Multi-Factor Authentication methods
|SecureAuth IdP version||SecureAuth IdP v9.x supported server and required components|
|Time-based One-Time Passcode (TOTP)||v9.1+|
NetMotion Wireless VPN:
NOTE: Refer to the NetMotion Mobility RADIUS configuration guide.
|HMAC-based One-Time Passcode (HOTP)||v9.1+|
|SMSSMS (OTP only)||v9.1+|
|Email (OTP only)||v9.1+|
|Passcode OTP (Push Notification)||v9.1+|
|Mobile Login Request||v9.1+|
SecureAuth IdP Adaptive Authentication IP Checking feature:
|RADIUS VPN and product support|
Supported RADIUS clients:
Other compatible RADIUS clients include:
Contact SecureAuth Professional Services with inquiries.
To configure a Palo Alto Networks GlobalProtect VPN to send the client IP to SecureAuth IdP RADIUS server:
|RADIUS client configuration|
Though not all RADIUS clients are configured in the same manner, the following basic connectivity parameters must be configured on RADIUS clients to be used with SecureAuth IdP:
NOTE: A valid certificate must be installed if using NetMotion Wireless VPN.
Sample RADIUS authentication server configuration:
|SecureAuth IdP RADIUS server v2.5 installation|
If SecureAuth RADIUS v1.0.x is currently installed, review the upgrade instructions in the Installation guide before installing the newer version of RADIUS.
If SecureAuth IdP RADIUS server v2.0.x - v2.2.x is currently installed, use the install instructions in Install SecureAuth IdP RADIUS server v2.5 to upgrade while retaining the current configuration settings.
If SecureAuth IdP RADIUS server v2.3.9 / v2.3.12 is currently installed, use the install instructions in Install SecureAuth IdP RADIUS server v2.5 to upgrade while retaining the current configuration settings .
If SecureAuth IdP RADIUS server v2.4.x is currently installed, use the install instructions in Install SecureAuth IdP RADIUS server v2.5 to upgrade while retaining the current configuration settings.
If installing SecureAuth IdP RADIUS server v2.5.x for the first time on the designated appliance, follow the install instructions in the installation guide.
SecureAuth IdP RADIUS logs for troubleshooting
See SecureAuth IdP RADIUS server logs for information about using the RADIUS logs for troubleshooting.
When running the RADIUS client with the Pulse Secure client and 2FA options, Pulse Secure limits the maximum number of characters to 210. End-users can see all options in the Pulse Secure web client when the number of characters is less than 210.
A second Pulse Secure limitation causes options 5 - 8 to be cut off from end-users' view on the 2FA list. End-users can select options 5 - 8, even though they are off-screen and there is no scrollbar.
Optionally, modify text in the RADIUS uiTextsBundle.properties configuration file to shorten messages from the multi-factors message. See "Modify text showing on client user interface during login" in Configuration guide - v2.5 - SecureAuth IdP RADIUS server.
Invalid characters in user IDs sent to the RADIUS server cause a RADIUS server failure.
Workaround: Ensure that user IDs contain the following valid characters only: