You can configure a Generic RADIUS client to make it accessible through RADIUS authentication.
Identity as a Service supports RADIUS authentication and Extended Access Protocol (EAP) RADIUS authentication for RADIUS applications. EAP authentication functions as follows:
1. A TLS tunnel is created from the VPN client (a type of RADIUS application) to the RADIUS server.
2. Authentication is performed within that tunnel.
All communication between the VPN client and RADIUS server, including the TLS handshake and EAP messages, is packaged as RADIUS messages.
Identity as a Service supports two types of EAP authentication:
● PEAPv0 with MSCHAPv2
This authentication protocol sends MSCHAPv2 messages over the EAP protocol. It does not support challenge messages. Only first-factor token authentication is supported.
● PEAPv1 with EAP-GTC
This EAP protocol supports challenge/response to provide two-step authentication.
The type of EAP authentication used depends on the type of VPN server (that is, RADIUS application). Identity as a Service allows you to customize the EAP for each RADIUS application.
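To see how EAP is packaged as RADIUS messages and which PEAP version a given RADIUS application is using, the following added example (not part of the Identity as a Service documentation or product code) reassembles the EAP packet from the EAP-Message attributes of an Access-Request, reads the PEAP version, and verifies the Message-Authenticator. It goes beyond the page: attribute numbers 79 and 80 and the HMAC-MD5 check come from RFC 3579, the version is read from the low three bits of the PEAP flags octet, and the packet, user name and shared secret are constructed sample values.

```python
import hmac, struct

EAP_MESSAGE, MESSAGE_AUTHENTICATOR, EAP_TYPE_PEAP = 79, 80, 25

def radius_attrs(packet):
    """Yield (type, value_offset, value) for each attribute in a RADIUS packet."""
    length = struct.unpack("!H", packet[2:4])[0]
    if length != len(packet) or length < 20:
        raise ValueError("bad RADIUS length")
    pos = 20                                   # attributes follow the 20-byte header
    while pos < length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        yield atype, pos + 2, packet[pos + 2:pos + alen]
        pos += alen

def inspect(packet, secret):
    """Reassemble EAP from an Access-Request and check its Message-Authenticator."""
    eap, sent, zeroed = b"", None, bytearray(packet)
    for atype, off, value in radius_attrs(packet):
        if atype == EAP_MESSAGE:
            eap += value                       # fragments concatenate in order
        elif atype == MESSAGE_AUTHENTICATOR and len(value) == 16:
            sent = value
            zeroed[off:off + 16] = bytes(16)   # field is zero while the HMAC is computed
    mac_ok = sent is not None and hmac.compare_digest(
        sent, hmac.new(secret, bytes(zeroed), "md5").digest())
    info = {"mac_ok": mac_ok, "eap_type": None, "peap_version": None}
    if len(eap) >= 5 and eap[0] in (1, 2):     # EAP Request/Response carry a Type octet
        info["eap_type"] = eap[4]
        if eap[4] == EAP_TYPE_PEAP and len(eap) >= 6:
            info["peap_version"] = eap[5] & 0x07
    return info

def build_sample(secret, flags):
    """Constructed Access-Request: a PEAP EAP-Response split over two attributes."""
    eap = struct.pack("!BBHBB", 2, 7, 10, EAP_TYPE_PEAP, flags) + b"\x16\x03\x01\x00"
    attrs = (b"\x01\x07alice" + bytes([EAP_MESSAGE, 8]) + eap[:6]
             + bytes([EAP_MESSAGE, 6]) + eap[6:]
             + bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16))
    pkt = struct.pack("!BBH", 1, 42, 20 + len(attrs)) + b"\x11" * 16 + attrs
    return pkt[:-16] + hmac.new(secret, pkt, "md5").digest()

if __name__ == "__main__":
    print(inspect(build_sample(b"s3cret", 0x01), b"s3cret"))
```

A result with `eap_type` set and `mac_ok` false means the packet carries EAP without a valid Message-Authenticator for that shared secret, which a RADIUS server following RFC 3579 silently discards.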
Note: To add or edit RADIUS applications, you must have a role with Enterprise Gateway and Agents Management View access.
Topics in this section:
● RADIUS integration prerequisites
● Integrate generic RADIUS applications
Note: For information on integrating Identity as a Service with RADIUS and VPN applications, see the Technical Integration Guides.