HashiCorp Vault - RADIUS Configuration RSA Ready Implementation Guide
Originally Published: 2023-11-02

This section describes how to integrate HashiCorp Vault with RSA Authentication Manager using RADIUS.

Configure RSA Authentication Manager

Perform these steps to configure RSA Authentication Manager using RADIUS.

Procedure

  1. Sign in to the Security Console using the admin credentials.
  2. Click RADIUS > RADIUS Clients > Add New.
  3. Provide the following details.
    1. Client Name: A name for your client.
    2. Any Client: Select this option to accept requests from any IP address.
    3. IPV4 Address: IP address of the client.
    4. Make/Model: Standard RADIUS
    5. Shared Secret: The secret given on your product.
  4. Click Save & Create Associated RSA Agent.

Configure HashiCorp Vault

Perform these steps to configure HashiCorp Vault.

Procedure

  1. Sign in to Vault with the root token that is set while starting the HashiCorp Vault server.
  2. In the left pane, click Access.
  3. Under Authentication Methods, click Enable new method.
  4. Select RADIUS under Infra, and click Next.
  5. Under Enable an Authentication Method, click Enable Method.
  6. Configure the RADIUS server by providing the following details.
    1. Host: Server Name or IP address of your Authentication Manager.
    2. Secret: Enter the RADIUS shared secret. It must match the secret entered in the RSA Cloud Administration Console.
    3. Timeout: 60 seconds.
    4. Server Authentication Port: 1812.
    5. NAS Port: 10

In addition to the configuration made in the user interface, you can use the following endpoint to configure RADIUS.

| Type | Endpoint | Header | Body |
|------|----------|--------|------|
| POST | http://127.0.0.1:8200/v1/auth/radius/config | X-Vault-Token: <root token id> | { "host": "ipaddress", "port": "1812", "secret": "secret" } |
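The request described above can be scripted as follows. This is an added example, not part of the RSA guide or HashiCorp's own code: it validates the inputs, builds the JSON body with the values from the procedure, and posts it with curl. The VAULT_ADDR and VAULT_TOKEN environment variables, the secret file path, the function names, and the mapping of the UI "Timeout" field to the API's dial_timeout parameter are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the RSA guide). Assumptions: VAULT_ADDR and VAULT_TOKEN
# environment variables, a secret file path, and "Timeout" mapped to dial_timeout.

# Escape backslashes and double quotes so a value is safe inside a JSON string.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Usage: build_radius_config HOST SECRET_FILE [PORT]
# Prints the request body; returns non-zero on invalid input.
build_radius_config() {
  local host="$1" secret_file="$2" port="${3:-1812}" secret
  [ -n "$host" ] || { echo "host is required" >&2; return 1; }
  case "$port" in
    ''|0*|*[!0-9]*) echo "port must be a positive integer" >&2; return 1 ;;
  esac
  [ "$port" -le 65535 ] || { echo "port out of range" >&2; return 1; }
  [ -r "$secret_file" ] || { echo "cannot read $secret_file" >&2; return 1; }
  secret=$(head -n 1 "$secret_file")
  [ -n "$secret" ] || { echo "shared secret is empty" >&2; return 1; }
  printf '{"host":"%s","port":%s,"secret":"%s","dial_timeout":60,"nas_port":10}\n' \
    "$(json_escape "$host")" "$port" "$(json_escape "$secret")"
}

# Usage: configure_radius HOST SECRET_FILE [PORT]
configure_radius() {
  local body
  body=$(build_radius_config "$@") || return 1
  # The body is sent on stdin (--data @-) so the shared secret never appears in
  # the process list. The token header is still an argument here.
  printf '%s' "$body" | curl --fail --silent --show-error \
    --request POST \
    --header "X-Vault-Token: ${VAULT_TOKEN:?set VAULT_TOKEN}" \
    --header 'Content-Type: application/json' \
    --data @- \
    "${VAULT_ADDR:-http://127.0.0.1:8200}/v1/auth/radius/config"
}
```

Keep the secret file readable only by the operator account (for example mode 600) and delete it once the RADIUS client and Vault are both configured.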

RSA can be leveraged to use two-factor (PIN + token) authentication. RADIUS integration with HashiCorp Vault currently does not support multi-factor authentication.

Configuration is complete.
