SecureAuth version affected: All
Description: RADIUS can integrate with one of more SecureAuth realms to authenticate users though a RADIUS client. RADIUS does this by leveraging the configurations from those realms, such as Data and Multi-Factor Methods. Because of this, the second factor method options that appear in connecting RADIUS clients, can be altered through the SecureAuth realm(s) that radius is paired with.
**For example purposes, I will be using NTRadPing as my RADIUS client.
To view the SecureAuth realms that RADIUS is integrated with, the following URL can be visited from a SecureAuth IdP server with RADIUS installed:
http://localhost:8088/listEndpoints
To view the Authentication Workflow settings of RADIUS, click the Radius Clients tab or visit:
http://localhost:8088/listClients
The "i" icon can be clicked for more information.
When establishing a connection with a RADIUS client, we can see what second factor methods are enabled by what appears in the reply prompt.
For this example, we see that the second factor method OATH time-based passcode is enabled by the reply prompt "Enter a time-based passcode".
To disable this, or any other, second factor method we would simply have to visit the SecureAuth realm(s) that RADIUS is integrated with and disable the second factor method there.
Admin Console -> Admin Realm -> SecureAuth# -> Multi-Factor Methods
For this example, we are setting Time-based Passcodes to Disabled.
After saving, establish another connection with a RADIUS client. You should see that the disabled second factor method is no longer apart of the RADIUS reply prompt.
For this example, the reply prompt no longer displays "Enter a time-based passcode" as an option.
Comments
Please sign in to leave a comment.