Radius Server Authentication – Secure Remote Access
Strong Authentication for VPN or Remote Access Users
Radius Server Authentication for VPN is a high-performance UDP server enabling you to add two-factor authentication to any Radius-compliant system such as Microsoft Universal Access Gateway, VPN remote access routers/devices (Cisco, SonicWall, Palo Alto, Barracuda, Juniper, etc.), Citrix applications, and Wi-Fi access points, to name a few.
The Radius Server supports the following features:
- Challenge Response – The server “challenges” the user for any of their registered assigned credentials. Most of the time, the challenge will be to provide a One-Time Password after successfully entering a valid username and password. (Some Radius devices only support single-factor authentication. Two-factor authentication can still be used by appending the One-Time Password to the user’s password.)
- Proxy Server Chaining – In Radius authentication, there can often be multiple Radius servers as part of the authentication process. We support this scenario too.
Push Authentication Support
The Radius Server also supports Push Requests to the user’s mobile device to prompt for authentication. Push Requests require the user to install SurePassID Mobile Authenticator on the mobile device. The Push Request options are:
- Send OTP Code – A one-time passcode is sent to the user.
- Push Question – A question is sent to the user’s mobile device asking the user to confirm a request to allow access to the system. If the user responds positively, the user is allowed to login with just username and password.
- FIDO U2F Push Request – A request is sent to the users mobile device to authenticate themselves with their FIDO U2F device, such as the TapID Treo 3-in-1 FIDO Security Key.
- Voice OTP Code – A call is made to the user’s registered mobile phone and speaks a code to the user. The user then appends this code to the password.
- Email OTP Code – An email is sent to the user which contains a temporary code in the email. The user then appends this code to the password.
Versatile Directory Support
SurePassID Radius Server supports the following directories for first factor (username and password) authentication:
- Active Directory – For tight integration with existing enterprise Identity Management Systems
- SurePass Directory – For use with other cloud systems or external users that are not part of the existing enterprise Active Directory forest.
- LDAP Directory – For companies that use an LDAP directory such as Unix and Linux systems.
Additional product and technical information for the Radius Server can be found here.
SurePassID ServicePass (self-service portal) can be used to allow users to add, configure and manage OTP tokens for their own account, saving help desk overhead and valuable IT support time.