Two Factor Authentication via RADIUS

RADIUS is a well-established, vendor-neutral network protocol used for Authentication, Authorization and Accounting (AAA). It is an Internet standard that was primarily designed to authenticate remote users for dial-up services, and it is widely implemented by numerous network security vendors such as Cisco, Juniper, Citrix and Checkpoint. Today, two factor authentication via RADIUS is well-regarded as a secure implementation and is often relatively straightforward to configure.

A RADIUS authentication exchange involves a "client" and a "server," but in the most common case, the end-user is neither! The RADIUS protocol is typically used between network servers or appliances - there should be no need to open additional firewall ports in order to support RADIUS.

In the standard case of using PortalGuard for Two factor authentication via RADIUS, a network security appliance, firewall or Network Access Server (NAS) is the "RADIUS client" or "NAS client" and the PortalGuard server acts as the "RADIUS server". The end-user only communicates directly with the NAS client to provide the login information.

In the case of RADIUS and two factor authentication, the user provides a username, password and one-time passcode (OTP) to the NAS client which in turn relays it to the RADIUS server for verification.

For more information please contact us via phone, email or Live Chat. To see more technical detail, please see the blog article RADIUS Authentication Management.