Note: Currently Evo Radius server only supports PAP authentication which is working well with most VPN server services. Other services which do not support PAP will not work with Evo Radius.
Prerequisite:
If you haven't done so already, please create an SSO Reset Frequency Rule.
Submitting the RADIUS Server request
Once Submitted, this request will be completed within 2 business days.
- From the left nav menu, select My Company. Alternatively, select Customers and and choose a customer from the list.
- Select Endpoints from the left nav menu.
- Click the RADIUS tab.
- You will now see a table of your RADIUS servers and their status. Do note, this is a READ-ONLY table. You cannot make any edits or delete servers from here. If you wish to do so, please reach out to support@evosecurity.com
- You will now see a table of your RADIUS servers and their status. Do note, this is a READ-ONLY table. You cannot make any edits or delete servers from here. If you wish to do so, please reach out to support@evosecurity.com
- Click the Create RADIUS Server button.
- Fill out the required information:
- Select your directory
- Provide a Server Name
- Enter the IP Address: The RADIUS server will be configured to only allow inbound connections from this IP address. Should be Public.
- Create a Shared Secret (*NOTE: This Shared Secret should be stored and saved as it will not be accessible after creation)
- Click Submit Request to Evo when finished
- In the confirmation dialog box, click Continue.
Your RADIUS Request has been sent! As previously mentioned, allow us 2 business days to complete this request. You will be notified once complete.
Configuring RADIUS Server authentication
Some platforms are easier to configure than others. If you have questions or need assistance, please Submit a Support Request.
- Choose the option for RADIUS authentication in the platform you are intending to use.
- Use the server and port provided in the completed RADIUS Server request response.
- Provide the shared secret entered at the time of the RADIUS Server request.
- Test the authentication with a known credential in the directory chosen in the RADIUS request.
No Access to push notifications? No problem!
If you are using RADIUS with AD-Synced accounts, and there is no support for push notifications, use the following:
Username: the user's user principal name
Password: use this format password,totpcode
where password
is the user's password, and totpcode
is the 6 digit TOTP code
RADIUS Troubleshooting
- When requesting a RADIUS server make sure you select the appropriate directory and that your users are associated with the directory or they will not be able to connect to the RADIUS instance.
- Save the Secret Key and client IP address somewhere secure during your request. If there are any issues, verify your IP and Secret Key match in your configurations to the same ones requested from Evo. Make sure your public IP address is accessible.
- Check your firewall and ensure that the Public IP and that port 1812 is open and accessible to the RADIUS instance.