Add a Custom RADIUS User Attribute Definition

RADIUS user attributes can be assigned to user outside of the user’s assigned RADIUS profile. For example, you might want to add a callback telephone number attribute to later individually assign to users with their specific telephone numbers.

A custom RADIUS user attribute can be either of the following:

  • A new, non-standard RADIUS attribute (value of 64 to 255) that you add a to a RADIUS dictionary.

  • A non-standard RADIUS attribute that exists in a RADIUS dictionary.

You can add a custom user attribute definition with or without an actual value, or map it to an attribute in an LDAP directory.

Before you begin

  • When the custom RADIUS attribute is a new attribute, make sure that it does not conflict with an existing attribute in the dictionary. If the dictionary contains an attribute that uses the same name or number as the attribute that you want to add, comment out the conflicting attribute.

  • When you create a new custom attribute, for each RADIUS client type that uses the attribute, add a RADIUS attribute definition to the RADIUS dictionary for that client type. You must add the attribute to the dictionary on each RSA RADIUS server. For instructions, see Add a RADIUS Attribute Definition to a Dictionary.

Procedure

  1. In the Security Console, click RADIUS > RADIUS User Attribute Definitions > Add New.

  2. In the Number field, enter a number between 64 and 225.

  3. In the Attribute Name field, enter a name that describes the function of the attribute.

    Enter a name that is different from the standard RADIUS attribute names.

  4. In the Map to Identity Attribute section, select whether to map the custom attribute to an identity source attribute or to manually enter the attribute value, and do one of the following:

    • If you select Yes, select the identity attribute to which you want to map the RADIUS attribute, and enter any notes about this attribute mapping, for example, Mapped to telephone number in HR database.

    • If you select No, enter the default value and any notes about this attribute, for example, User's office telephone number as of October 1, 2012.

  5. Click Save.

After you finish

If you do not enter the value when you add the definition, you must enter the attribute value when you assign the attribute to a user or trusted user. For more information, see Assign RADIUS User Attributes to Users.

Related Concepts

RADIUS User Attributes

Related Tasks

Add a RADIUS Attribute Definition to a Dictionary