Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

SAS PCE documentation
- Explore Thales Docs

SAS PCE
Agents
MobilePASS+
SafeNet Access Exchange
BSIDCA API
- BSIDCA endpoints
- BSIDCA custom attributes
Integrations
Account management
Release Notes

All

All

RADIUS integration

RADIUS attributes for users or groups

Please Note:

SAS PCE
Get started
- System Requirements
- Installation
  - Install SafeNet Authentication Service
  - Prepare database
  - Configure SafeNet Authentication Service
  - Configure SafeNet Authentication Service for High Availability
  - Configure for MobilePASS and MobilePASS+ Enrollment
  - Onboarding for MobilePASS+ enrollment
  - SAS PCE Windows Services Startup Recommendations
  - Security and Compliance
- Upgrade
  - SafeNet Authentication Service pre-upgrade checklist
  - SafeNet Authentication Service upgrade - primary data center
  - SafeNet Authentication Service upgrade - secondary data center
  - SafeNet Authentication Service post-upgrade checklist
  - Additional Considerations
- System setup
  - Setup
  - Communications
  - Logging
Dashboard
- On-Boarding
- Virtual Servers
- Administration
Users and groups
- Configure individual users
- Manage tokens for a user
- Groups
- Containers
- Restrict access based on the time, day, or date
- User Policies
User synchronization
- LDAP sync server settings
- LDAP integration
- LDAP settings
Operators and roles
- Operators
- External Operators
- Provision roles automatically
- Alerts
Tokens
- Token types
  - Hardware tokens
    - OTP hardware token
    - KT-4 tokens
    - RB-1 tokens
  - Software tokens
    - GrIDsure
    - SMS OTP token
  - Third Party tokens
- Token allocations
- Token templates
- Token restrictions
- Temporary Password Policy
- Token Passcode Processing Policy
- Configure server-side PINs
- Token synchronization
- Import SafeNet tokens
- Token inventory
- Deallocate inventory
- MobilePASS target and Push OTP settings
- SMS credits
- SMS/Email/Voice OTP Delivery Methods
- Quicklog authentication
- Initialize hardware tokens
Provisioning tokens to users
- Provision tokens
- Automate token provisioning
- Provisioning tasks
- Assign a hardware token to a user
- Bulk assign third-party tokens
Push OTP
- Requirements and considerations for Push OTP
- Enable Push OTP and MobilePASS+
- Push OTP Rejection Policy
- Customize Push notifications and alerts
- Configure applications for Push OTP
- Token management and enrollment
- Push OTP authentications
RADIUS integration
- RADIUS third-party token support
- RADIUS attributes for users or groups
- Block RADIUS authentication
Server and agent settings
- Authentication Nodes
- Pre-authentication rules
- Restrict IP range
- Email server settings
- SMS settings
- Voice OTP settings
- Configure a voice provider
- FTP/SFTP/SCP settings
- Time zone offset
- Download an encryption key for agents
- Language
- Migrate SafeNet authentication servers
- Display Device Information
- Download an encryption key for remote services
Self-service site
- Site appearance and default language
- Self-Service Modules
- Self-Enrollment pages
- Configure authorities, OOB enrollment, and policies
- Process requests and view reports
Branding the appearance
- Customize email messages
- Customize SMS messages
- Customize voice OTP messages
Reports
- Billing reports
- Compliance reports
- Inventory reports
- Security policy reports
Troubleshooting
- Authentication errors
- Error codes

SAS PCE documentation
SAS PCE
RADIUS integration
RADIUS attributes for users or groups

RADIUS attributes for users or groups

You can apply RADIUS attributes to users or groups. RADIUS attributes that are set for a user take precedence over attributes that are set for the groups to which the user belongs. The RADIUS attributes for both users and groups are the same.

When RADIUS attributes are set for a group, the attribute is returned for each member of the group when they authenticate.

To define user-based RADIUS attributes, use either the SafeNet FreeRADIUS Agent or Microsoft NPS. Both the FreeRADIUS Agent and Microsoft NPS are capable of returning RADIUS attributes that are defined in SAS to the RADIUS client.

By default, RADIUS return attributes are defined for all Auth Nodes, or they can be restricted to selected auth nodes (excluding shared Auth Nodes) by using the Restrict To Auth Nodes check box.

When authenticating with a RADIUS token, SAS also passes RADIUS attributes to the RADIUS client that were received from an external RADIUS server. This is beneficial for authentication requests that may go to a third-party authentication service and then return through SAS. This is also useful for migrations where an external RADIUS server continues to authenticate users that are not yet migrated to SAS. With this feature, the RADIUS client can receive the same external attributes during the migration phase than before migration (without SAS).

Also, refer to Block RADIUS authentication.

SAS returns the attributes received from the external server after attributes that are configured in SAS. If the same attribute is configured in the external server and in SAS but with different values, it is up to the RADIUS client as to how this is interpreted. It is advised to avoid conflicting attribute definitions in SAS and the external RADIUS server.

Set RADIUS attributes for a user

On the SAS console, search for a user on the Assignment tab.
Select the user.
Click RADIUS Attributes (user).
Click Add.

The options and input values vary according to your selections. Consult your network equipment vendor’s documentation for guidance on which attributes to use.
Select Add.
Repeat as necessary to add more attributes.

Set RADIUS attributes for groups

On the SAS console, navigate to Groups > RADIUS Attribute (Group).
Select the group, and then select New.

The options and input values vary according to your selections. Consult your network equipment vendor’s documentation for guidance on which attributes to use.
Click Add.
Repeat as necessary to add more attributes.

View RADIUS attributes for a group

On the SAS console, select Groups > RADIUS Attribute (Group).
Select the group, and then select Search.

The attributes that are assigned to the group are listed.
To modify an attribute, click Edit, change the settings, and then click Save.
To remove the group attribute, click Remove and then click Remove to confirm.

On this page

SafeNet Authentication Service Private Cloud Edition

© Copyright 2019-2025, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Support
- Customer Release Notes
- Customer Support Portal
Legal

© Copyright 2019-2025, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com