# Details

## What is RADIUS?

Whenever large companies need network authentication, [RADIUS (RFC 2865)](https://tools.ietf.org/html/rfc2865) is the protocol of choice. RADIUS is an AAA protocol; AAA stands for **authentication, authorization and accounting**. It is therefore best suited for controlling access to networks such as WiFi, wired (802.1X, EAP) or VPN. The protocol was developed by Livingston Enterprises, Inc. in 1991 and is now part of the IETF standards.

## What is RadSec?

RADIUS is an efficient authentication protocol that uses UDP as its transport. However, some of the traffic is not encrypted in transit. This can be avoided by using [RadSec (RFC 6614)](https://tools.ietf.org/html/rfc6614), which is transported over TCP and completely encapsulated within a TLS tunnel.
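To make concrete which parts of a UDP RADIUS exchange the TLS tunnel protects, the following added example (not part of the RADIUSaaS documentation or product code) builds a constructed RFC 2865 Access-Request and lists what can be read directly from the datagram. The user name, shared secret, addresses and all function names are made up for illustration.

```python
import hashlib
import struct

# Attribute types from RFC 2865 section 5 (subset used in this example).
ATTR_NAMES = {1: "User-Name", 2: "User-Password", 4: "NAS-IP-Address",
              31: "Calling-Station-Id"}

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 hiding for passwords of up to 16 bytes."""
    padded = password.ljust(16, b"\x00")
    mask = hashlib.md5(secret + authenticator).digest()
    return bytes(p ^ m for p, m in zip(padded, mask))

def build_access_request(user, password, secret, nas_ip, station, authenticator):
    """Build a constructed sample Access-Request (Code 1)."""
    attrs = b""
    for typ, val in ((1, user), (2, hide_password(password, secret, authenticator)),
                     (4, bytes(nas_ip)), (31, station)):
        attrs += struct.pack("!BB", typ, len(val) + 2) + val
    return struct.pack("!BBH", 1, 0x2A, 20 + len(attrs)) + authenticator + attrs

def visible_on_wire(packet: bytes) -> dict:
    """Return what a passive observer of the UDP datagram can read."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("invalid RADIUS length field")
    seen, pos = {"code": code, "id": ident}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        typ, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        val = packet[pos + 2:pos + alen]
        name = ATTR_NAMES.get(typ, f"type-{typ}")
        if typ == 2:    # only masked with MD5(shared secret + authenticator)
            seen[name] = "<MD5-masked with shared secret: %d bytes>" % len(val)
        elif typ == 4:  # four raw octets of an IPv4 address
            seen[name] = ".".join(str(b) for b in val)
        else:           # plain text on the wire
            seen[name] = val.decode("utf-8", "replace")
        pos += alen
    return seen

# Constructed sample values, not taken from any real deployment.
SAMPLE = build_access_request(b"alice@example.com", b"correct horse", b"sharedsecret",
                              (192, 0, 2, 10), b"02-00-00-AA-BB-CC", bytes(range(16)))
```

Calling `visible_on_wire(SAMPLE)` shows the user identity, NAS address and client MAC in plain text; only the password attribute is masked, which is the gap RadSec closes by wrapping the whole packet in TLS.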

## Authentication Certificates

The easiest way to push device or user certificates to your clients is [SCEPman](https://www.scepman.com/), as it is super-easy to deploy and integrates seamlessly with Intune and other MDM systems.

You can also use the [Microsoft Cloud PKI](https://docs.radiusaas.com/configuration/get-started/scenario-based-guides/microsoft-cloud-pki), your own on-premises PKI or other compatible CAs.

RADIUSaaS supports multiple CAs in parallel.

#### Online Certificate Verification

To check if a certificate is considered valid by your Certificate Authority (CA) **at authentication time**, RADIUSaaS leverages the Online Certificate Status Protocol (OCSP) or Certificate Revocation Lists (CRLs).

{% hint style="info" %}
To reduce the number of requests sent to an OCSP responder, some certificate states are [temporarily cached](https://docs.radiusaas.com/other/faqs/log-and-common-errors#certificate-status-was-revoked-previously).
{% endhint %}

## Our Service

### RADIUS

#### Admin Portal

Each customer has access to their own personal instance through their own RADIUSaaS Admin Portal, which can be used for tasks such as [creating users](https://docs.radiusaas.com/admin-portal/users#add), changing [allowed certificates](https://docs.radiusaas.com/admin-portal/settings/trusted-roots), [adding proxies](https://docs.radiusaas.com/admin-portal/settings/settings-proxy), creating [rules](https://docs.radiusaas.com/admin-portal/settings/rules) or performing troubleshooting using RADIUSaaS Insights.

#### RADIUS to RadSec Proxy

The service's internal RADIUS server only allows [RadSec](#what-is-radsec) connections. If your WiFi infrastructure does not support RadSec, RADIUSaaS features a [proxy](https://docs.radiusaas.com/admin-portal/settings/settings-proxy) functionality, which will establish a secure tunnel allowing you to use the service with traditional UDP-based RADIUS.

#### Guests, BYOD and IoT Devices

Some of your devices may not be able to receive certificates, either because they are not managed by any policy provider/MDM system or because they are technically unable to work with certificates.\
In those cases, for example BYOD or guest scenarios, you can [add users](https://docs.radiusaas.com/admin-portal/users#add) to your instance and, if needed, restrict their access to a specific time frame. This allows you to authenticate printers, TVs or other devices with a single instance of the service while using the same SSID.

### Regions

RADIUSaaS can be used globally.

**RADIUSaaS' core service** can be deployed into datacenters in the following regions and countries:

* Australia
* European Union
* United Kingdom
* United States of America

**RADIUS proxies** can be deployed into datacenters on [all continents](https://docs.radiusaas.com/admin-portal/settings/settings-proxy#regions).

### SCEPman Integration

Customers can choose from two RADIUSaaS & SCEPman Bundles:

* RADIUSaaS & SCEPman Enterprise
* RADIUSaaS & SCEPman SaaS

For both options the [SCEPman Connection](https://docs.radiusaas.com/admin-portal/settings/settings-server#scepman-connection) feature enables automatic issuance and renewal of RADIUSaaS server certificates through SCEPman.

#### SCEPman Edition Comparison

|                                                                            |                  SCEPman Enterprise                  |                  SCEPman SaaS                  |
| -------------------------------------------------------------------------- | :--------------------------------------------------: | :--------------------------------------------: |
| **SCEPman runs in**                                                        |                Customer's Azure Tenant               |              Vendor's Datacenters              |
| **Infrastructure Cost**                                                    |                       Customer                       |                     Vendor                     |
| **Infrastructure Maintenance**                                             |                   Customer / Azure                   |                     Vendor                     |
| **Configuration**                                                          |                       Customer                       |                    Customer                    |
| **Geo-Redundancy Option**                                                  |                          Yes                         |                     Planned                    |
| **RBAC for Certificate Master**                                            |                          Yes                         |                       No                       |
| **GPO-based enrolment**<br>("AD enrolment")                                |                          Yes                         |                     Planned                    |
| **Enrollment REST API**                                                    |                          Yes                         |                     Planned                    |
| **Logging**                                                                |             Azure Monitor / Log Analytics            |                   WebConsole                   |
| **Subordinate CA /**<br>**CA hierarchy**                                   |                          Yes                         |    with<br>Bring your own Key Vault (BYOK)     |
| **Licensing Options**                                                      |      SCEPman Enterprise<br>or<br>RADIUSaaS Bundle    |                RADIUSaaS Bundle                |

## Getting Started

Please follow the steps on the following page to get your clients ready to authenticate with RADIUS-as-a-Service!

{% content-ref url="configuration/get-started" %}
[get-started](https://docs.radiusaas.com/configuration/get-started)
{% endcontent-ref %}

