Page Comparison

EmpowerID provides RADIUS Server support for managing authentication of RADIUS devices. Doing so involves configuring the RADIUS device to remotely access EmpowerID, configuring EmpowerID for the remote RADIUS device, and configuring the EmpowerID Password Manager Policy for RADIUS.

This topic demonstrates configuring EmpowerID for RADIUS by configuring EmpowerID for the Cisco ASA 5505 RADIUS device and is divided into the following activities:

• Configuring Cisco server settings
• Configuring EmpowerID RADIUS Settings
• Configuring the EmpowerID Password Manager Policy for RADIUS

To configure the Cisco Server Settings

1. On the Cisco server, open the Cisco ASDM."
2. Click Configuration Click Configuration on the toolbar.
3. Click the Device Management panel at the bottom of the screen.
4. Expand Expand Users/AAA AAA and select select AAA Server Groups.
5. Add the following settings to set up the server group and then click OK when completed.
   1. Name
   2. Protocol — Select RADIUS from the drop-down.
      
      
      
      
6. In the the Servers in the Selected Group Group section, click Add click Add to the right and then enter the following settings:
   1. Server Name or IP Address — This should be the IP address or server name of the EmpowerID server.
   2. Interface Name — This should be the same interface as the EmpowerID server.
   3. Server Authentication Port — Set this to 1812.
   4. Server Secret Key
   5. Common Password — This should be the same password as the Server Secret Key.
   6. Microsoft CHAPv2 Capable — Make sure this is selected.
      
      
7. lick OK Click OK to save the RADIUS Server Group settings.
8. Click Apply Click Apply to apply the settings.
9. Make sure the Server Group method on the connection profile is set to RADIUS.
10. Apply and save the configuration.
11. Once configured, your RADIUS Server Group settings should look similar to the following image.
    
    

To configure EmpowerID RADIUS Settings

1. From the Navigation Sidebar of the EmpowerID Web interface, expand expand Admin > SSO Connections Connections and click click RADIUS Connections.
2. From the RADIUS Connections page, click the the Add Connection Connection  button.
   Image Removed
   Image Added
   
   
   
3. In the Connection Details form that appears, do the following:
   1. Type the name of the RADIUS connection in the Name the Name field.
   2. Type the IP address for the CISCO device in the the Start Allowed IP IP field.
   3. Type the IP address for the CISCO device in the the End End Allowed IP IP field.
   4. Type the same Secret Key set previously for the RADIUS server group on the CISCO device in the the Shared Secret Secret field.
   5. Click Click Save.
      Image Removed
      Image Added

To configure the Password Manager Policy

1. From the Navigation Sidebar, expand Admin > Policies and click Password Manager Policies.
2. From the Password Manager Policies page, search for the policy to which you want to enable RADIUS authentication and click the the Display Name Name link for that policy.
   Image Removed
   Image Added
   
   
   
3. From the Policy Details page for the policy that appears, click the policy Edit policy Edit link.
   Image Removed
   Image Added
   
   
   
4. On the Edit page for the policy, click the the Authentication Settings Settings tab and in the the RADIUS Policy Policy section do the following:
   1. Select Select Enable Authentication Authentication to allow RADIUS authentication.
   2. Select Select Require Second Factor Authentication Authentication if two-factor auth for RADIUS is required in your environment.
   3. Select Select Enable RADIUS Login if No Token Assigned Assigned according to your requirements.
      Image Removed
      
   Click Save 
   1. 
      Image Added
      
      
      
      
5. Click Save to save your changes to the policy.