How to Remove Second Factor Methods from RADIUS

    Applies to:
  • Legacy SecureAuth IdP
Deployment model:
  • On Premises
  • SecureAuth version affected: All

    Description: RADIUS can integrate with one of more SecureAuth realms to authenticate users though a RADIUS client. RADIUS does this by leveraging the configurations from those realms, such as Data and Multi-Factor Methods. Because of this, the second factor method options that appear in connecting RADIUS clients, can be altered through the SecureAuth realm(s) that radius is paired with.

    **For example purposes, I will be using NTRadPing as my RADIUS client.

    To view the SecureAuth realms that RADIUS is integrated with, the following URL can be visited from a SecureAuth IdP server with RADIUS installed:


    To view the Authentication Workflow settings of RADIUS, click the Radius Clients tab or visit:

    The "i" icon can be clicked for more information.


    When establishing a connection with a RADIUS client, we can see what second factor methods are enabled by what appears in the reply prompt.
    For this example, we see that the second factor method OATH time-based passcode is enabled by the reply prompt "Enter a time-based passcode".


    To disable this, or any other, second factor method we would simply have to visit the SecureAuth realm(s) that RADIUS is integrated with and disable the second factor method there.

    Admin Console ->  Admin Realm -> SecureAuth# -> Multi-Factor Methods

    For this example, we are setting Time-based Passcodes to Disabled.


    After saving, establish another connection with a RADIUS client. You should see that the disabled second factor method is no longer apart of the RADIUS reply prompt.

    For this example, the reply prompt no longer displays "Enter a time-based passcode" as an option.


    0 out of 0 found this helpful



    Please sign in to leave a comment.