As part of the RADIUS setup process, you must add one or more RADIUS clients, such as VPN servers or firewalls.
Before you begin
You must be a Super Admin in the Cloud Administration Console.
- Sign in to the Cloud Administration Console.
- Click Authentication Clients > RADIUS.
- In the left-hand navigation frame, click RADIUS Clients.
- Click Add RADIUS Client.
- In the Name field, enter a name for the RADIUS client, such as Cisco or Citrix.
- In the IP Address field, enter the IP address of the network device you want to add as a RADIUS client.
- In the Shared Secret field, enter the shared secret that acts as a password between this client and the RADIUS server.
- (Optional) In the Authentication Details section, select how user requests to this RADIUS client are validated. By default, the Cloud Authentication Service validates the user's directory server password and applies the access policy that is configured for the RADIUS client for additional authentication. You can instead configure the client so that the Cloud Authentication Service applies only the configured access policy for additional authentication. In this case, make sure the RADIUS client requires password authentication, or that the access policy requires all users to perform additional authentication.
- In the Access Policy field, select a policy to apply to users who authenticate through this RADIUS client.
  Note: If the policy requires additional authentication, it must specify at least one of these methods: Approve, SecurID Token, Authenticate Tokencode, Device Biometrics, SMS Tokencode, or Voice Tokencode. RADIUS does not support other methods. Also, RADIUS does not support authentication conditions in access policies. Policies with conditions do not appear in the drop-down list.
- (Optional) Enable the Automatically prompt for default authentication method field to allow the RADIUS client to send push notifications for Approve and Device Biometrics without forcing users to select a method, when Approve or Device Biometrics is the user's default method. Enabling this field does not affect the RADIUS user experience for other authentication methods.
- (Optional) If you enabled the previous field, Automatically prompt for default authentication method, users who do not respond to the push notification within 40 seconds are prompted to select another method provided from the assurance level in the access policy. You can use the Allow users to select authentication method after timeout (seconds) field to increase or decrease the 40-second default. If the assurance level provides an alternate method, RSA recommends that you allow users 10-40 seconds to complete the alternate method. After 90 seconds, mobile authentication times out and authentication fails.
- Click Save.
- Click Publish Changes to apply the configured settings.
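The Shared Secret entered in the procedure above must match the value configured on the network device. The following added example (not part of the original documentation or of any RSA code) shows why, using the Response Authenticator calculation from RFC 2865: a reply signed with one secret fails verification on a client holding a different one. The function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import struct

def response_authenticator(code, ident, attrs, request_auth, secret):
    # RFC 2865: MD5(Code + Identifier + Length + Request Authenticator + Attributes + Secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_response(code, ident, attrs, request_auth, secret):
    # Server side: sign the reply with the secret stored for this client.
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def verify_response(packet, request_auth, secret):
    # Client side: recompute the authenticator with the locally configured secret.
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False
    packet = packet[:length]  # bytes past Length are padding and are ignored
    expected = response_authenticator(code, ident, packet[20:], request_auth, secret)
    return hmac.compare_digest(expected, packet[4:20])

def demo():
    # Constructed sample values, not taken from any real deployment.
    server_secret = b"constructed-secret-A"
    request_auth = bytes(range(16))  # random 16 bytes in a real Access-Request
    msg = b"ok"
    reply_message = bytes([18, 2 + len(msg)]) + msg  # attribute type 18 = Reply-Message
    accept = build_response(2, 7, reply_message, request_auth, server_secret)  # 2 = Access-Accept
    tampered = accept[:-1] + b"!"
    return {
        "matching_secret": verify_response(accept, request_auth, server_secret),
        "mismatched_secret": verify_response(accept, request_auth, b"constructed-secret-B"),
        "tampered_reply": verify_response(tampered, request_auth, server_secret),
        "truncated": verify_response(accept[:10], request_auth, server_secret),
    }

if __name__ == "__main__":
    print(demo())
```

A mismatched secret and a modified reply are indistinguishable to the client: both are dropped as invalid, which typically surfaces as an authentication timeout on the network device.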