Search…
RADIUS

Configuration Steps

Step 1: RADIUS Proxies

This is a mandatory step.
In order to bridge the RADIUS protocol from your network appliances to our internal RADIUS server's RadSec ports, please add RADIUS proxies to your instance as described here:

Step 2: Server Certificate

This is a mandatory step.
Since the client will establish a TLS tunnel directly to RADIUSaaS during network authentication, a trusted TLS certificate is required. This can be generated directly from the RADIUSaaS Admin Portal or imported if you already own a suitable certificate.
If you are planning to use RADIUSaaS along with Android devices, you must create a custom CA or upload your own certificate that was signed by a CA. The default self-signed server certificate will not allow Android devices to connect to RADIUSaaS.
  1. 1.
    Create a custom CA, upload your own certificate or use the default self-signed server certificate as described here.
  2. 2.
    Download the active server certificate as described here. You will need it later on for the Intune device profile.

Step 3: Trusted Root CA

This is a mandatory step.
  1. 1.
    Tell your RADIUSaaS instance which certificates will be allowed to connect as described here .

Step 4: Network Gear Configuration

This is a mandatory step.

WiFi Access Points

For some popular vendors, we have prepared representative step-by-step guides here. While we are not able to provide documentation for every vendor, in general, the following steps apply:
  1. 1.
    Create a new RADIUS profile.
  2. 2.
    Configure an external RADIUS server
    1. 1.
      As server IP address, configure the IP address of your proxy.
    2. 2.
      Take the shared secret from your Server Settings page
    3. 3.
      Configure the standard ports for RADIUS authentication (1812) and accounting (1813 - optional)
  3. 3.
    Assign the profile to the relevant SSID(s).

Wired (LAN) Switches

Currently, we have not prepared sample guides for switch appliances yet. However, the configuration steps are similar to the ones for WiFi Access Points. In case you face difficulties, please reach out to us.

Step 5: Configure your MDM Deployment Profiles

This is a mandatory step.

Server Certificate

To enable trust between the client and RADIUSaaS, configure a trusted certificate profile in your preferred MDM solution:
Microsoft Intune

Jamf

WiFi Profile

To configure a WiFi profile in your preferred MDM solution, follow one of these guides:
Microsoft Intune
Jamf

Wired (LAN) Profile

To configure a wired (LAN) profile for your stationary devices in your preferred MDM solution, follow one of these guides:
Microsoft Intune
Jamf

Step 6: Rules

This is an optional step.
If you would like to configure additional rules, for example to assign VLAN IDs or limit authentication requests to certain trusted CA or WiFi access points, please check out the RADIUSaaS Rule Engine.