Generic RADIUS (Remote Authentication Dial-In User Service) authentication can be configured on Sectona PAM. This offers a wide range of alternative two-factor token-based authentication options.

Before you begin

  • You need to setup the RADIUS server in your environment.

  • Make sure the users have the token generating devices available with them.

Configuring Generic Radius with Sectona

To configure Generic Radius on Sectona follow the below-recommended steps:

  • Login to PAM as an administrator.

  • Go to Configuration Multifactor AuthenticationGeneric Radius.

  • Fill in the following details:

    • Primary Server: This specifies the IP address of the RADIUS server.

    • Secondary Server: You can set up a secondary RADIUS authentication server to be used for high availability. If the primary RADIUS server does not respond within the server timeout configured for RADIUS authentication, the request is routed to the secondary server. When the primary server does not respond, the secondary server receives all future authentication requests.

    • Port No: Specify the port number for server communication. The default port number is 1812.

    • Password/Shared Key: Provide the password for the specified username for authentication.

    • Timeout (Seconds): Provide the timeout period for communication attempts from the PAM server to the RADIUS server.

  • Click on Active to activate the configuration.

  • Click on Save and Generic RADIUS MFA will be enabled.

For enabling Generic RADIUS MFA for users, the administrator will need to assign User Access Policy with MFA Type as Generic Radius, for more information, refer Setting up user access policy.