Permissions

Permissions and RADIUSaaS REST API access tokens can be managed under https://YOURNAME.radius-as-a-service.com/settings/permissions

Last updated 3 months ago


Overview

The Permissions menu allows you to control access to the RADIUSaaS Admin Portal and the RADIUSaaS REST API.

RADIUSaaS uses Microsoft Entra ID (Azure AD) as the identity provider for authentication when logging on to the RADIUSaaS Admin Portal.

RADIUSaaS does not store or manage its own administrator identities. Authentication is delegated to the Microsoft Entra ID (Azure AD) tenant of the provided UPN (SSO).

Therefore, administrators can work with their own Microsoft Entra ID (Azure AD) accounts and do not have to set up additional accounts. All applicable Conditional Access (CA) policies are enforced.

Changes to the role assignments and invalidating user tokens only become effective after clicking on Save.

Roles

Administrators

Microsoft Entra ID (Azure AD) UPNs entered here can access the RADIUSaaS Admin Portal with full read and write permissions on the service. These permissions include:

  • View dashboards and Logs

  • View, add, change, delete Users

  • View, add, change, delete trusted certificates and RADIUS server certificates for client authentication and RadSec

  • View, add, delete Proxies

  • Manage RADIUSaaS REST API Access Tokens

  • Access to all API endpoints and CRUD operations

  • View and change other settings, including permissions

Viewers

Microsoft Entra ID (Azure AD) UPNs entered here can access the RADIUSaaS Admin Portal with full read permissions on the service. These permissions include:

  • View dashboards and Logs

  • View Users

  • View, add, change, delete trusted certificates and RADIUS server certificates for client authentication and RadSec

  • View Proxies

  • Access to all API endpoints - limited to read operations

  • View other settings (permissions cannot be viewed)

Users

Microsoft Entra ID (Azure AD) UPNs entered here cannot access the RADIUSaaS Admin Portal; however, they can access the My Invited Users portal, where they are able to create Users for BYOD or guest access.

Invalidate user tokens

During authentication to the RADIUSaaS Admin Portal, each permitted Microsoft Entra ID (Azure AD) account obtains an access (bearer) token that is cached in the browser's cookie store. The lifetime of the token is 30 days. Furthermore, RADIUSaaS has permission to refresh these access tokens.

In case of a security event, RADIUSaaS Administrators can invalidate all previously issued access tokens by setting the minimum issuance date to now.

Technical Contacts

Please note that this feature is in preparation for a notification feature in a future release of RADIUSaaS.

Add up to 5 technical contacts to receive e-mail notifications related to your instance. You can select the event level for each contact.

Event levels and example events:

  • Info: Scheduled updates to your instance.

  • Warning: A certificate is about to expire, or an ISP is experiencing issues that could impact your instance.

  • Critical: Interruption to your instance.

Access Tokens

Access tokens are required to authenticate calls to the RADIUSaaS REST API.

Add

Follow these steps to create a new access token:

  1. Click on Add

  2. Provide a meaningful Name for the access token

  3. Set the permission level by selecting a Role

  4. Select the lifetime of the access token

  5. Click on Create

  6. Copy the access token to the clipboard and store it at a secure location.

  7. Click on Close

Delete

To delete an access token, locate it in the table and click on the bin icon.

Permissions consent

Microsoft Entra ID (Azure AD) accounts that log on to the RADIUSaaS Admin Portal for the first time must grant RADIUSaaS a limited set of permissions in their Azure tenant.

There are two alternative ways to provide consent:

  • User Consent: Each user accepts the consent upon first login to the portal.

  • Admin Consent: An administrator can consent on behalf of the organization for all users.

User consent

If no consent has been given on behalf of the organization before by an admin, a user will see a permission request dialogue.

Users can review or revoke this consent in Microsoft My Apps.

Administrators can review and revoke user consents in the Azure Portal (Microsoft Entra ID > Enterprise Applications > RADIUS as a Service).

Admin consent

Rather than requiring consent from each user, administrators can grant consent for all users on behalf of the organization when logging in to the RADIUSaaS web portal for the first time.

Alternatively, administrators can grant the consent on behalf of the organization in the Azure portal (Microsoft Entra ID > Enterprise Applications > RADIUS as a Service). In the Azure Portal, administrators can also review or revoke the consent.
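
A general illustration of the minimum-issuance-date invalidation described under "Invalidate user tokens", as an added example that is not RADIUSaaS code: a correctly signed, unexpired token is still rejected once its issuance time falls before the cutoff. The token format, signing key and function names are assumptions made for the example; only the 30-day lifetime comes from this page.

```python
import base64, hashlib, hmac, json

KEY = b"demo-signing-key"   # constructed demo key (assumption), not a real secret
LIFETIME = 30 * 24 * 3600   # 30-day token lifetime, as stated on the page


def _mac(body: str) -> str:
    return base64.urlsafe_b64encode(hmac.new(KEY, body.encode(), hashlib.sha256).digest()).decode()


def issue(upn: str, now: int) -> str:
    """Return '<payload>.<mac>' with issued-at (iat) and expiry (exp) claims."""
    claims = json.dumps({"upn": upn, "iat": now, "exp": now + LIFETIME})
    body = base64.urlsafe_b64encode(claims.encode()).decode()
    return f"{body}.{_mac(body)}"


def validate(token: str, now: int, min_issued_at: int) -> str:
    """Return 'ok' or the reason the token is rejected."""
    body, sep, mac = token.partition(".")
    if not sep or not hmac.compare_digest(mac.encode(), _mac(body).encode()):
        return "bad-signature"
    try:
        claims = json.loads(base64.urlsafe_b64decode(body))
        iat, exp = int(claims["iat"]), int(claims["exp"])
    except (ValueError, KeyError, TypeError):
        return "malformed"
    if now >= exp:
        return "expired"
    # Cutoff check: signed and unexpired, but issued before the minimum issuance date.
    if iat < min_issued_at:
        return "issued-before-cutoff"
    return "ok"


def demo() -> dict:
    t0 = 1_700_000_000                             # constructed timestamps
    old = issue("admin@example.com", t0)           # issued before the incident
    cutoff = t0 + 5 * 24 * 3600                    # admin sets the minimum issuance date to "now"
    new = issue("admin@example.com", cutoff + 60)  # obtained by signing in again
    return {
        "old_before_cutoff": validate(old, cutoff - 1, 0),
        "old_after_cutoff": validate(old, cutoff + 120, cutoff),
        "new_after_cutoff": validate(new, cutoff + 120, cutoff),
    }


if __name__ == "__main__":
    print(demo())
```

Because the check compares issuance time rather than tracking individual tokens, a single stored timestamp is enough to reject every token issued before it.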