RADIUS third-party token support
RADIUS is a configuration that can be used with any third-party token. Its purpose is to provide enterprises with a simple and effective migration path from their existing third-party vendor’s authentication product to SafeNet Trusted Access (STA) and, in the process, extend most of the STA management functionality including PIN management, automated provisioning, authentication history and reporting, and pre-authentication rules to users with the third-party tokens.
This method is similar to RADIUS proxy, but there are substantial differences:
Similarities | Differences |
---|---|
SafeNet Trusted Access is configured as a RADIUS Client to the third-party RADIUS server. Configuration is standard RADIUS – IP, port #, shared secret. | In RADIUS proxy, all user, token management, authentication history, reporting etc. must be done at the third-party RADIUS server. However, in RADIUS token mode, all management can be done through SafeNet Trusted Access except for reassignment of third-party tokens. |
Any third-party tokens imported into SafeNet Trusted Access using the RADIUS option automatically use the method as configured in this module.
The following diagram illustrates migration using RADIUS token:
- On the STA Token Management console, select Policy > Token Policies > Third-Party Authentication Options.
- In the Third-Party Token Type list, select RADIUS and select Edit.
- Configure the options as required:
  - RADIUS IP—This is the IP address of the third-party authentication server’s RADIUS server. During authentication, SafeNet Trusted Access will pass the OTP via this connection to the third-party server for passcode verification.
  - Secondary RADIUS IP—Provides redundancy for the RADIUS IP setting above. This setting is optional but recommended.
  - RADIUS Port—The port number to be used for RADIUS requests. Default is 1812. This value must match the settings at the third-party authentication server.
  - RADIUS Shared Secret—This is the shared secret used to encrypt RADIUS traffic. It must be identical in both SafeNet Trusted Access and the third-party RADIUS server.
  - User Name—User ID. Must exist in both STA and the third-party RADIUS server. In addition, the token assigned to the user must have been imported as a “RADIUS” token and must be the same token assigned to the user in the third-party server.
  - User Password
  - Test—Provides a way to test the configuration before saving the changes. Displays the results of the authentication test.

See also bulk assign third-party tokens.
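
The following added example (not code from STA or from the original page) shows why the RADIUS Shared Secret must be identical on both sides: in RFC 2865 the secret hides the User-Password attribute that carries the OTP and keys the Response Authenticator, while the other attributes travel in clear text. The user name, OTP, packet identifier and secrets are constructed, and `server_reply` is a hypothetical stand-in for the third-party RADIUS server.

```python
import hashlib, hmac, os, struct

def _attr(attr_type: int, value: bytes) -> bytes:
    return bytes([attr_type, len(value) + 2]) + value

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(16, (len(password) + 15) // 16 * 16)  # zero-pad to a 16-byte multiple
    padded, out, prev = password.ljust(size, b"\x00"), b"", req_auth
    for i in range(0, size, 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def access_request(ident, user, otp, secret, req_auth) -> bytes:
    attrs = _attr(1, user) + _attr(2, hide_password(otp, secret, req_auth))  # 1=User-Name, 2=User-Password
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs  # code 1 = Access-Request

def server_reply(request: bytes, secret: bytes, expected_otp: bytes) -> bytes:
    """Hypothetical server: Access-Accept (2) if the OTP decodes, else Access-Reject (3)."""
    ident, req_auth, pos, otp = request[1], request[4:20], 20, b""
    while pos + 2 <= len(request) and request[pos + 1] >= 2:
        attr_type, attr_len = request[pos], request[pos + 1]
        if attr_type == 2:
            otp = unhide_password(request[pos + 2:pos + attr_len], secret, req_auth)
        pos += attr_len
    code = 2 if hmac.compare_digest(otp, expected_otp) else 3
    header = struct.pack("!BBH", code, ident, 20)
    return header + hashlib.md5(header + req_auth + secret).digest()

def response_is_authentic(response: bytes, req_auth: bytes, secret: bytes) -> bool:
    """Client check: Response Authenticator = MD5(header + request auth + attrs + secret)."""
    expected = hashlib.md5(response[:4] + req_auth + response[20:] + secret).digest()
    return len(response) >= 20 and hmac.compare_digest(response[4:20], expected)

def exchange(client_secret: bytes, server_secret: bytes, otp: bytes = b"492817"):
    req_auth = os.urandom(16)  # fresh Request Authenticator per request
    request = access_request(7, b"alice", otp, client_secret, req_auth)  # constructed user and OTP
    reply = server_reply(request, server_secret, otp)
    return reply[0], response_is_authentic(reply, req_auth, client_secret)
```

With matching secrets `exchange` returns an Access-Accept whose authenticator verifies; with differing secrets the server decodes a garbage passcode and rejects, and the client cannot validate the reply either.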