RADIUS
This is a mandatory step.
This is a mandatory step.
Since the endpoint device will establish a TLS tunnel to RADIUSaaS during network authentication, a trusted TLS certificate is required. This can be generated directly from the RADIUSaaS Admin Portal or imported if you already own a suitable certificate.
Please ensure to download the root CA certificate (highlighted in green). This root certificate must later be deployed to your endpoint devices - not the server certificate itself. In case you are using SCEPman to create a server certificate, you probably already have the SCEPman root CA certificate deployed into the trust store of your endpoints.
This is a mandatory step.
- 1.
This is a mandatory step.
For some popular vendors, we have prepared representative step-by-step guides here. While we are not able to provide documentation for every vendor, in general, the following steps apply:
- 1.Create a new RADIUS profile.
- 2.Configure an external RADIUS server
- 1.
- 2.
- 3.Configure the standard ports for RADIUS authentication (1812) and accounting (1813 - optional)
- 3.Assign the profile to the relevant SSID(s).
Currently, we have not prepared sample guides for switch appliances yet. However, the configuration steps are similar to the ones for WiFi Access Points. In case you face difficulties, please reach out to us.
This is a mandatory step.
For Jamf Pro
We strongly recommend to configure all 802.1X-relevant payloads in a single Configuration Profile in Jamf - and one Configuration Profile per assignment type (Computers, Devices, Users).
To enable trust between the client and RADIUSaaS, configure a trusted certificate profile in your preferred MDM solution:
Microsoft Intune
To configure a WiFi profile in your preferred MDM solution, follow one of these guides:
Microsoft Intune
Jamf Pro
To configure a wired (LAN) profile for your stationary devices in your preferred MDM solution, follow one of these guides:
Microsoft Intune
Jamf Pro
This is an optional step.
If you would like to configure additional rules, for example to assign VLAN IDs or limit authentication requests to certain trusted CA or WiFi access points, please check out the RADIUSaaS Rule Engine.
Last modified 1mo ago