Integrate RADIUS applications
You can configure a Generic RADIUS client to make it accessible through RADIUS authentication.
Identity as a Service supports RADIUS authentication and Extensible Authentication Protocol (EAP) RADIUS authentication for RADIUS applications. EAP authentication functions as follows:
- A TLS tunnel is created from the VPN client (a type of RADIUS application) to the RADIUS server.
- Authentication is performed within that tunnel.
All communication between the VPN client and the RADIUS server, including the TLS handshake and EAP messages, is packaged as RADIUS messages.
Identity as a Service supports two types of EAP authentication:
- PEAPv0 with MSCHAPv2
  This authentication protocol sends MSCHAPv2 messages over the EAP protocol. It does not support challenge messages. Only first-factor token authentication is supported.
- PEAPv1 with EAP-GTC
  This EAP protocol supports challenge/response to provide two-step authentication.
The type of EAP authentication used depends on the type of VPN server (that is, RADIUS application). Identity as a Service allows you to customize the EAP for each RADIUS application.
To add or edit RADIUS applications, you must have a role with Enterprise Gateway and Agents Management View access.
Topics in this section
RADIUS integration prerequisites
Use the Generic RADIUS Client to configure your Virtual Private Network (VPN) server for RADIUS authentication. The Generic RADIUS client works with the Identity as a Service gateway and its RADIUS agent. The Identity as a Service gateway and RADIUS agent act as the RADIUS server in this configuration.
Integrate generic RADIUS applications
Entrust recommends that, when multiple RADIUS applications are configured, each RADIUS application be given a unique shared secret.
For information on integrating Identity as a Service with RADIUS and VPN applications, see the Technical Integration Guides.
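The following is an added example, not Entrust code and not part of the original page. It shows how an EAP packet is reassembled from RADIUS EAP-Message attributes, and how the Message-Authenticator attribute (HMAC-MD5 keyed with the shared secret, per RFC 3579) binds a request to one RADIUS application's secret, which is what a unique secret per application protects. The packet contents, secrets and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

EAP_MESSAGE, MESSAGE_AUTHENTICATOR, EAP_TYPE_PEAP = 79, 80, 25

def parse_access_request(packet, shared_secret):
    """Return (eap_type, peap_version, mac_ok) for one RADIUS Access-Request."""
    if len(packet) < 20 or packet[0] != 1 or int.from_bytes(packet[2:4], "big") != len(packet):
        raise ValueError("not a well-formed Access-Request")
    length = len(packet)
    eap, zeroed, claimed, pos = b"", bytearray(packet), None, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_type == EAP_MESSAGE:
            # An attribute holds at most 253 bytes, so a long EAP packet
            # (for example a TLS handshake record) spans several of them.
            eap += packet[pos + 2:pos + attr_len]
        elif attr_type == MESSAGE_AUTHENTICATOR and attr_len == 18:
            claimed = packet[pos + 2:pos + 18]
            zeroed[pos + 2:pos + 18] = bytes(16)  # HMAC input has this field zeroed
        pos += attr_len
    expected = hmac.new(shared_secret, bytes(zeroed), hashlib.md5).digest()
    mac_ok = claimed is not None and hmac.compare_digest(claimed, expected)
    if len(eap) < 5:  # EAP Success/Failure carry no Type field
        return None, None, mac_ok
    is_peap = eap[4] == EAP_TYPE_PEAP and len(eap) > 5
    # PEAP flags byte: the low three bits carry the PEAP version (0 or 1 here).
    return eap[4], (eap[5] & 0x07 if is_peap else None), mac_ok

def build_sample(shared_secret, peap_version, tls_len=300):
    """Constructed Access-Request: PEAP EAP-Response with placeholder TLS bytes."""
    body = bytes([EAP_TYPE_PEAP, peap_version]) + bytes(tls_len)
    eap = struct.pack("!BBH", 2, 7, 4 + len(body)) + body
    attrs = b"".join(bytes([EAP_MESSAGE, len(eap[i:i + 253]) + 2]) + eap[i:i + 253]
                     for i in range(0, len(eap), 253))
    mac_at = 20 + len(attrs) + 2  # offset of the Message-Authenticator value
    attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    header = struct.pack("!BBH", 1, 42, 20 + len(attrs)) + bytes(range(16))
    pkt = bytearray(header + attrs)
    pkt[mac_at:mac_at + 16] = hmac.new(shared_secret, bytes(pkt), hashlib.md5).digest()
    return bytes(pkt)

if __name__ == "__main__":
    pkt = build_sample(b"constructed-secret-A", peap_version=1)
    print(parse_access_request(pkt, b"constructed-secret-A"))  # own secret
    print(parse_access_request(pkt, b"constructed-secret-B"))  # another app's secret
```

A request built with one application's secret fails the Message-Authenticator check under any other application's secret, so a disclosed secret affects only the application it was assigned to.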