RADIUS Technical Considerations and Protocol Support

Help Center Home > Authentication > RADIUS Technical Considerations and Protocol Support

RADIUS Technical Considerations and Protocol Support

黑料海角91入口's cloud-based RADIUS service extends your organization's user 黑料海角91入口 credentials to your WiFi and other resources that support the RADIUS protocol. This document will give details on the different options and combinations available for various RADIUS protocols, along with the technical considerations admins need to keep in mind.

RADIUS Client Public IP Considerations

Your public IP can only be used one time in 黑料海角91入口.
Only public IPv4 is supported. IPv6 is not supported.
If your public IP Address is dynamic and not statically assigned by your ISP, you will need to update the RADIUS configuration within 黑料海角91入口 to reflect the newly assigned IP Address. You may change this either within the Admin Portal or via the API .

Authentication Protocols Supported by 黑料海角91入口

Mutual TLS (mTLS)
- EAP-TLS
TLS encryption
- PEAPv0 (MSCHAPv2-based)
- EAP-TTLS/PAP
Shared key encryption:
- EAP-MSCHAPv2
- MSCHAPv2
- PAP*

Warning:

PAP encryption is weak; 黑料海角91入口 strongly recommends using protocols other than PAP.
Mac and iOS devices require additional configuration to use EAP-TTLS/PAP authentication for wireless clients.
- See: EAP-TTLS/PAP Initial Configuration on Mac & iOS Devices for 黑料海角91入口 RADIUS client

Note:

All protocols are always available. The user or admin will configure the device to select a single protocol during the authentication attempts being made to the network. That decision should be based on the desired Multi-Factor Authentication (MFA) or primary Identity Provider (IdP) to be used.

Protocol Support for 黑料海角91入口 MFA:

Protocol	Method
PEAPv0	Push
EAP with TTLS/PAP	TOTP/Push
EAP-MSCHAPv2	Push
MSCHAPv2	Push
PAP	TOTP/Push
EAP-TLS	None

MFA methods:

TOTP: uses an authenticator App (like 黑料海角91入口 Protect, Microsoft Authenticator, or Google Authenticator) to generate 6-digit codes
Push: uses 黑料海角91入口 Protect in-App push notifications
We recommend turning on MFA for Radius for VPN. We don鈥檛 currently recommend that you enable RADIUS TOTP MFA on your wireless network servers, however 黑料海角91入口 Protect Mobile Push can be used on RADIUS VPN servers and wireless network RADIUS servers.

See: 黑料海角91入口 MFA Guide.

Entra ID Delegated Authentication

For organizations planning to use Entra ID as their IdP,聽they need to聽import those users into 黑料海角91入口 and assign them to a User Group that has access to the RADIUS server.
- See: Authenticate to RADIUS with Entra ID
When authenticating with Entra ID, the UPN in Entra ID should match the company email address in 黑料海角91入口 and the user should be using this attribute for their Radius login.
- See: Configure Real-time User Provisioning from Entra ID

Protocol Support for Entra ID Delegated Authentication:

Protocol	MFA
EAP with TTLS/PAP	None
PAP	None

Note:

MFA is not supported when authenticating through an IdP other than 黑料海角91入口, such as Entra ID.

Back to Top

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case

黑料海角91入口