Use this guide to configure RADIUS on VMware Identity Manager for integration with SecureAuth IdP RADIUS.

1. Obtain administrator access to VMware Identity Manager version 2.4+

2. Configure SecureAuth IdP RADIUS Server v2.3.8+ on SecureAuth IdP v8.2+

3. Configure RADIUS client authentication

If chaining with primary authentication in VMware Identity Manager, then the Username and Multi-Factor Authentication workflow must be configured

If only RADIUS authentication is used, then either the Password and TOTP authentication workflow or the Multi-Factor Authentication workflow must be configured

 

1. Log on to the administrator console and click the Identity & Access Management tab, then Setup

2. On the Connectors page, click the Worker link for the connector being configured for RADIUS authentication

 

3. Click Auth Adapters, then RadiusAuthAdapter

4. When redirected to the Identity Manager connector, enter master password credentials, if prompted

 

5. On the Authentication Adapter page, click the checkbox to Enable Radius Adapter

6. Edit required fields as desired

| Setting | Definition |
| --- | --- |
| Name | Required. Identifies the adapter name; set to RadiusAuthAdapter by default and can be changed. |
| Enable Radius Adapter | Select this checkbox to enable RADIUS authentication. |
| Number of authentication attempts allowed | Required. Specifies the maximum number of failed end-user login attempts when RADIUS is used for authentication; set to five attempts by default and can be changed. |
| Login page passphrase hint | Enter the text for the message that appears on the end-user login page to direct users to enter the correct RADIUS passcode. For example, if this field is configured with "AD password first and then SMS passcode", then the login page message would read "Enter your AD password first and then SMS passcode." The default text string is "RADIUS Passcode". |
| Enable direct authentication to Radius server during auth chaining | Select this checkbox to automatically initialize RADIUS authentication by sending end-user credentials to the server on initial connection. |
| Number of attempts to Radius server | Required. Specifies the total number of connection retry attempts to access the RADIUS server. If the primary server does not respond, the service waits until the configured Server timeout in seconds has elapsed before attempting to connect again. |
| Server timeout in seconds | Required. Specifies the number of seconds for the RADIUS server timeout, after which a retry is sent if the RADIUS server fails to respond. |
| Radius server hostname / address | Required. Identifies the host name or the IP address of the RADIUS server. |
| Authentication port | Required. Identifies the RADIUS authentication port number, which should be 1812. |
| Accounting port | Enter 0 for the port number; the accounting port is not used at this time. |
| Authentication type | Select the authentication protocol that is supported by the RADIUS server, which should be PAP. |
| Shared secret | Enter the shared secret that is used between the RADIUS server and the VMware Identity Manager service. |
| Realm Prefix | (OPTIONAL) The user account location is called the realm. If a realm prefix string is specified, the string is placed at the beginning of the username when the name is sent to the RADIUS server. For example, if the username is entered as jdoe and the realm prefix DOMAIN-A\ is specified, then the username DOMAIN-A\jdoe is sent to the RADIUS server. If these fields are not configured, only the username that is entered is sent. |
| Realm Suffix | (OPTIONAL) If a realm suffix is specified, the string is placed at the end of the username. For example, if the suffix is @myco.com, the username jdoe@myco.com is sent to the RADIUS server. |

7. (OPTIONAL) To automatically initiate RADIUS and pass end-user credentials, click the checkbox to Enable direct authentication to Radius server during auth chaining

This setting prevents the end-user from needing to re-enter network credentials for RADIUS authentication if already authenticated via Identity Manager

8. Click Save when finished making edits and entries
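
To show what the Authentication type, Shared secret and Realm Prefix/Suffix settings mean on the wire, the following added example (not VMware or SecureAuth code) builds a minimal RFC 2865 Access-Request with PAP and then recovers the passcode the way a RADIUS server would. The function names, the shared secret and the passcode are constructed for illustration, and a real adapter sends additional attributes.

```python
import hashlib, os, struct

def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR 16-byte blocks with MD5(secret + previous block)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def pap_reveal(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: same keystream, so the shared secret is all that is needed."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as type, length (including the 2-byte header), value."""
    return bytes([attr_type, len(value) + 2]) + value

def build_access_request(user, passcode, secret, prefix="", suffix="",
                         ident=1, authenticator=None):
    """Code 1 (Access-Request) carrying User-Name (1) and User-Password (2)."""
    authenticator = authenticator or os.urandom(16)
    name = (prefix + user + suffix).encode()         # realm prefix/suffix applied
    attrs = attr(1, name) + attr(2, pap_hide(passcode.encode(), secret, authenticator))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def parse_attrs(packet: bytes) -> dict:
    attrs, i = {}, 20                                # attributes follow the 20-byte header
    while i < len(packet):
        attrs[packet[i]] = packet[i + 2:i + packet[i + 1]]
        i += packet[i + 1]
    return attrs

if __name__ == "__main__":
    secret = b"constructed-shared-secret"            # constructed sample value
    pkt = build_access_request("jdoe", "ExamplePass1!123456", secret, prefix="DOMAIN-A\\")
    fields = parse_attrs(pkt)
    print("User-Name on the wire:", fields[1])       # sent in cleartext
    print("User-Password on the wire:", fields[2].hex())
    print("Recovered by server:", pap_reveal(fields[2], secret, pkt[4:20]))
```

With PAP the User-Name is sent in cleartext and the passcode is protected only by an MD5 keystream derived from the shared secret, so use a long, random shared secret and keep the connector-to-RADIUS path on a trusted network segment.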