You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.
Configure the EmpowerID RADIUS Server
EmpowerID provides RADIUS Server support for managing authentication and authorization of RADIUS devices. Setup involves configuring the RADIUS device to remotely access EmpowerID, configuring EmpowerID for the remote RADIUS device, and configuring the EmpowerID Password Manager Policy for RADIUS.
The EmpowerID RADIUS Server is now available in a new version that runs as a Docker container and integrates with flexible ABAC authorization policies that can be managed and assigned in the web interface.
This article demonstrates configuring EmpowerID for RADIUS, using the Cisco ASA 5505 as the RADIUS device, and covers how to:
Configure Cisco server settings
Configure EmpowerID RADIUS Settings
Configure the EmpowerID Password Manager Policy for RADIUS
Configure the Cisco Server Settings
On the Cisco server, open the Cisco ASDM.
Click Configuration on the toolbar.
Click the Device Management panel at the bottom of the screen.
Expand Users/AAA and select AAA Server Groups.
Add the following settings to set up the server group and then click OK when completed.
Name
Protocol — Select RADIUS from the drop-down.
In the Servers in the Selected Group section, click Add to the right and then enter the following settings:
Server Name or IP Address — This should be the IP address or server name of the EmpowerID server.
Interface Name — This should be the same interface as the EmpowerID server.
Server Authentication Port — Set this to 1812.
Server Secret Key
Common Password — This should be the same password as the Server Secret Key.
Microsoft CHAPv2 Capable — Make sure this is selected.
Click OK to save the RADIUS Server Group settings.
Click Apply to apply the settings.
Make sure the Server Group method on the connection profile is set to RADIUS.
Apply and save the configuration.
Configure EmpowerID RADIUS Settings
On the navbar, expand Single Sign-On > SSO Connections and click RADIUS Connections.
On the RADIUS Connections page, click the Add Connection button above the grid.
In the Connection Details form that appears, enter the following:
Name — Name of the RADIUS connection
Shared Secret — Secret key set for the RADIUS server group on the Cisco device
Start Allowed IP — IP address for the Cisco device
End Allowed IP — IP address for the Cisco device
Click Save.
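The Shared Secret saved here must be identical to the Server Secret Key entered on the Cisco device, because RADIUS uses it to authenticate every server reply (the Response Authenticator in RFC 2865). The following added example, which is not EmpowerID or Cisco code, shows the check a RADIUS client performs on a reply and how a mismatched secret makes it fail; the user name, secrets and packet bytes are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2  # RADIUS packet codes (RFC 2865)

def attr(attr_type, value):
    """Encode one attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_request(identifier, request_auth, attrs):
    """Code, Identifier, Length, 16-byte Request Authenticator, attributes."""
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + request_auth + attrs

def response_authenticator(code, identifier, request_auth, attrs, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_reply(code, identifier, request_auth, attrs, secret):
    """What the server side does: sign the reply with its shared secret."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    auth = response_authenticator(code, identifier, request_auth, attrs, secret)
    return header + auth + attrs

def verify_reply(reply, request, secret):
    """What the client side does: accept only a reply signed with its secret."""
    if len(reply) < 20 or len(request) < 20:
        return False
    code, identifier, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply) or identifier != request[1]:
        return False
    expected = response_authenticator(code, identifier, request[4:20], reply[20:], secret)
    return hmac.compare_digest(expected, reply[4:20])

# Constructed sample values, not from any real deployment. A real client
# uses 16 random bytes for the Request Authenticator.
SERVER_SECRET = b"constructed-secret-on-server"
REQUEST = build_request(7, bytes(range(16)), attr(1, b"jdoe"))  # 1 = User-Name
REPLY = build_reply(ACCESS_ACCEPT, 7, REQUEST[4:20], attr(18, b"ok"), SERVER_SECRET)  # 18 = Reply-Message

if __name__ == "__main__":
    print("matching secret:  ", verify_reply(REPLY, REQUEST, SERVER_SECRET))
    print("mismatched secret:", verify_reply(REPLY, REQUEST, b"typo-on-device"))
```

A reply that fails this check is discarded by the client, so a secret mismatch typically appears on the device as a timeout rather than an explicit rejection.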
Configure the Password Manager Policy
On the navbar, expand Admin > Password Management and click Password & Login Policies.
Search for the policy for which you want to enable RADIUS authentication and then click the Display Name link for that policy.
On the Policy Details page that appears, click the Edit link to put the policy in edit mode.
On the Edit page for the policy, select the Authentication Settings tab and in the RADIUS Policy section do the following:
Select Enable Authentication to allow RADIUS authentication.
Select Require Second Factor Authentication if two-factor auth for RADIUS is required in your environment.
Select Enable RADIUS Login if No Token Assigned according to your requirements.
Click Save to save your changes to the policy.