RADIUS authentication environment requirements - 7.0

Assure Security Web User Interface Guide

Version
7.0
Language
English
Product name
Assure Security
Title
Assure Security Web User Interface Guide
Copyright
2024
First publish date
1999
Last updated
2024-10-15
Published on
2024-10-15T10:28:29.100769

RADIUS authentication requires that an Assure MFA administrator perform certain steps to set up the RADIUS server for authentication.

To use RADIUS authentication with Assure Multi-Factor Authentication, the following are required:

  • The RADIUS server must be configured to recognize the IBM i as a valid RADIUS Client.
  • The RADIUS server must be registered to Assure MFA on the IBM i using the command WRKQASRV.
  • Communication must be established between the RADIUS server and the IBM i.

This requires that you be in contact with the RADIUS administrator to:

  • Provide the IBM i IP address and additional information needed so that the RADIUS administrator can register the IBM i Assure MFA software as a RADIUS client.
  • Get the RADIUS server IP address.
  • Ask for the shared secret used between the RADIUS server and the RADIUS client.

The following preparations must be performed before you can use RADIUS authentication with MFA:

  • The RADIUS server administrator needs to declare the IBM i server running Assure MFA as a RADIUS client. The RADIUS administrator also needs to register the users who will use RADIUS tokens for authentication by means of Assure MFA. Refer to the section How to set up the RADIUS server to work with Assure MFA in the Assure MFA User Guide for details.
  • The Assure MFA administrator must register the RADIUS server and map the profile names on the server with the name of the users on the RSA server if needed. Refer to the section How to register the RADIUS servers and users in the Assure MFA User Guide for details.
    Note: In a production environment, the RADIUS servers are configured and maintained by a dedicated team on the RADIUS server side.
  • Users who will authenticate using RADIUS tokens must have the token software installed on their mobile device or PC or must have a hardware device for token generation. For example, if the RADIUS server is an RSA server, the users need to install the RSA SecurID Software Token on their PC and load a Token file provided by the RSA administrator. Refer to the section How to install RSA SecurID Token on the user’s PC or mobile device in the Assure MFA User Guide for details.

After all the preparations have been completed, you should define a rule to test the authentication with a RADIUS server.