Knowledge Base

Support Policies

How to Remove Second Factor Methods from RADIUS

SecureAuth version affected: All

Description: RADIUS can integrate with one of more SecureAuth realms to authenticate users though a RADIUS client. RADIUS does this by leveraging the configurations from those realms, such as Data and Multi-Factor Methods. Because of this, the second factor method options that appear in connecting RADIUS clients, can be altered through the SecureAuth realm(s) that radius is paired with.


**For example purposes, I will be using NTRadPing as my RADIUS client.

To view the SecureAuth realms that RADIUS is integrated with, the following URL can be visited from a SecureAuth IdP server with RADIUS installed:
http://localhost:8088/listEndpoints

1.jpg


To view the Authentication Workflow settings of RADIUS, click the Radius Clients tab or visit:
http://localhost:8088/listClients

The "i" icon can be clicked for more information.

5.jpg


When establishing a connection with a RADIUS client, we can see what second factor methods are enabled by what appears in the reply prompt.
For this example, we see that the second factor method OATH time-based passcode is enabled by the reply prompt "Enter a time-based passcode".

2.jpg


To disable this, or any other, second factor method we would simply have to visit the SecureAuth realm(s) that RADIUS is integrated with and disable the second factor method there.

Admin Console ->  Admin Realm -> SecureAuth# -> Multi-Factor Methods

For this example, we are setting Time-based Passcodes to Disabled.

3.jpg


After saving, establish another connection with a RADIUS client. You should see that the disabled second factor method is no longer apart of the RADIUS reply prompt.

For this example, the reply prompt no longer displays "Enter a time-based passcode" as an option.

4.jpg

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.