Azure® VPN with RADIUS Authentication

Written by Zach DeMeyer on June 10, 2019

Share This Article

The Microsoft® Azure® platform is highly popular in this era of cloud IT infrastructure. As such, many IT admins are trying to ensure that their users’ access to Azure is secure. One method that is piquing interests is the use of an Azure VPN with RADIUS authentication.

Of course, the question then becomes how do you manage VPN access for Azure? There are several ways to do so, including RADIUS authentication, but some ways are better than others. Let’s break them down.

Authenticating VPNs for Azure

Active Directory®

One way to authenticate VPN access to Azure with RADIUS is through Microsoft Active Directory. When using RADIUS, IT admins need to authenticate users back to the directory service to ensure that the users accessing a VPN are authorized. For many organizations, the traditional directory service is also used to manage user access to their Azure instances. A RADIUS server is then used to authenticate access to the VPN, which serves as the secure tunnel for remote network connection.

As more and more IT infrastructure moves to the cloud, the thought of using Active Directory (AD) becomes less appealing for admins. Since it is an on-prem directory service, AD requires a whole host of additional solutions to connect to the various resources leveraged from the cloud today. RADIUS servers and VPNs simply top the list in this case. All of these add-ons end up racking up the costs for IT organizations.

Of course, RADIUS servers still need to authenticate against a directory service to authorize VPN access to Azure. So, if not AD, what should IT admin’s use then? Well, it only makes sense that if an IT organization is using cloud infrastructure and VPNs terminating in the cloud, shouldn’t they use a cloud directory service as well?

Cloud Directory Service

Using a cloud directory service, IT organizations save time and money spent on purchasing, managing, and housing on-prem AD and its cadre of additional solutions. Using an Azure VPN with RADIUS authentication and a cloud directory service is very similar to how one would do it with AD.

There is, however, a next-generation cloud directory service that foregos the need for implementing a RADIUS server by offering its own cloud hosted RADIUS-as-a-Service. As such, identities are authorized by the directory service to RADIUS almost instantly. This cloud directory service is also partnered with popular open-source VPN provider, OpenVPN, which significantly simplifies authorizing VPN access with RADIUS. Of course, the cloud directory service can support other VPNs as well.

So lastly comes Azure. Microsoft solutions are notorious for “not playing nice” with options from their competitors, but interacting effectively with other Microsoft tools. But, how does this next-gen cloud directory fare in regards to authenticating Azure identities? The answer is that IT admins can synchronize their identities from Azure, G Suite, or elsewhere so that they are all the same, so no extra work for IT admins and friction for end users.

Use JumpCloud® for Azure VPN RADIUS Authentication

The next-gen cloud directory service is called JumpCloud Directory-as-a-Service®. JumpCloud is completely vendor-neutral, meaning that authenticating remote access to Azure via a VPN and through RADIUS is a relatively painless process. JumpCloud admins can simply point their user identities towards their VPN service, and JumpCloud practically does the rest. Plus, if you would like to add multi-factor authentication (MFA) to your VPN access, you can do that as well for no extra cost.

Directory-as-a-Service doesn’t just stop at Azure VPN access. IT organizations can use JumpCloud to manage their users and their access to systems, email, applications, networks, infrastructure, and more. A reimagination of AD for the modern era, JumpCloud is a comprehensive cloud directory solution that is in use by over 75k companies worldwide.

If you are interested in managing access to Azure using VPN and RADIUS authentication plus 2FA, or want to manage the rest of your IT resources as well, you can try Directory-as-a-Service for free. A JumpCloud account includes ten users forever at no cost to you. Need to learn more? Drop us a line; we’d be happy to chat.

Zach DeMeyer

Zach is a Product Marketing Specialist at JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, music, and soccer.

Continue Learning with our Newsletter