RADIUS Authentication for Access Server VPN Users

Abstract

Access Server supports Remote Authentication Dial-In User Service (RADIUS) as an authentication method.

You can configure it directly in the Admin Web UI. Sign in to your Admin Web UI and click Authentication > Settings. Alternatively, you can configure this from the command line by changing the configuration key, auth.module.type.

Notice

Access Server 2.10 and newer supports more than one authentication system for your users. For instance, you can set up your end users with LDAP authentication integrated with Active Directory and create your VPN administrator accounts with local authentication. For more information, refer to Access Server’s User Authentication System.

RADIUS authentication overview

Remote authentication dial-in user service (RADIUS) is another protocol used for directory service authentication. You can use RADIUS to integrate Access Server with directory services such as Active Directory, Okta, open-source programs, etc.

RADIUS requires configuration in the Admin Web UI before it can be used to authenticate users. These settings include which server to contact and any required shared secret code to access the authentication backend.

Once configured, Access Server checks the RADIUS server to validate credentials when a user connects to the VPN.

Important

Access Server can't make password changes for users in RADIUS.

RADIUS tutorials

In this section: