Versions Compared

Old Version 1

changes.mady.by.user Phillip Hanegan

Saved on

compared with

New Version Current

changes.mady.by.user Phillip Hanegan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

EmpowerID provides a RADIUS Server support for managing authentication and authorization of RADIUS devices. Doing so involves configuring the RADIUS device to remotely access EmpowerID, configuring EmpowerID for the remote RADIUS device, and configuring the EmpowerID Password Manager Policy for RADIUS.

Tip

The EmpowerID RADIUS Server is now available in a new version that runs as a Docker container and integrates with flexible ABAC authorization policies that can be managed and assigned in the web interface.

This article demonstrates configuring EmpowerID for RADIUS by configuring EmpowerID for the Cisco ASA 5505 RADIUS device and covers how to:

  • Configure Cisco server settings

  • Configure EmpowerID RADIUS Settings

  • Configure the EmpowerID Password Manager Policy for RADIUS

Configure the Cisco Server Settings

  1. On the Cisco server, open the Cisco ASDM.

  2. Click Configuration on the toolbar.

  3. Click the Device Management panel at the bottom of the screen.

  4. Expand Users/AAA and select AAA Server Groups.

  5. Add the following settings to set up the server group and then click OK when completed.

    1. Name

    2. Protocol — Select RADIUS from the drop-down.

      Image Removed

       

  6. In the Servers in the Selected Group section, click Add to the right and then enter the following settings:

    1. Server Name or IP Address — This should be the IP address or server name of the EmpowerID server.

    2. Interface Name— This should be the same interface as the EmpowerID server.

    3. Server Authentication Port— Set this to 1812.

    4. Server Secret Key

    5. Common Password— This should be the same password as the Server Secret Key.

    6. Microsoft CHAPv2 Capable— Make sure this is selected.

  7. Click OK to save the RADIUS Server Group settings.

  8. Click Apply to apply the settings.

  9. Make sure the Server Group method on the connection profile is set to RADIUS.

  10. Apply and save the configuration.

  11. Once configured, your RADIUS Server Group settings should look similar to the following image.

    Image Removed

Configure EmpowerID RADIUS Settings

  1. On the navbar, expand Single Sign-On > SSO Connections and click RADIUS Connections.

  2. On the RADIUS Connections page, click the Add Connection button above the grid.

    Image Removed

  3. In the Connection Details form that appears, enter the following:

    • Name — Name of the RADIUS connection

    • Shared Secret — Secret key set for the RADIUS server group on the CISCO deviceType the IP address for the CISCO device in the Start Allowed IP field.

    • Start Allowed IP — IP address for the CISCO device

    • End Allowed IP — IP address for the CISCO device

    • Click Save.

      Image Removed

Configure the Password Manager Policy

  1. On the navbar, expand Admin > Password Management and click Password & Login Policies.

  2. Search for the policy to which you want to enable RADIUS authentication and then click the Display Name link for that policy.

    Image Removed

  3. On the Policy Details page that appears, click the Edit link to put the policy in edit mode.

    Image Removed

  4. On the Edit page for the policy, select the Authentication Settings tab and in the RADIUS Policy section do the following:

    1. Select Enable Authentication to allow RADIUS authentication.

    2. Select Require Second Factor Authentication if two-factor auth for RADIUS is required in your environment.

    3. Select Enable RADIUS Login if No Token Assigned according to your requirements.

  5. Click Save to save your changes to the policy.

Div
stylefloat: left; position: fixed;

IN THIS ARTICLE

Table of Contents
maxLevel4
minLevel2
stylenone

Insert excerpt
IL:External Stylesheet
IL:External Stylesheet
nopaneltrue