Release Bulletin: RADIUS Authentication using Azure AD

Written by Krishnan Ramachandran on September 27, 2022

Share This Article

Many organizations have re-opened their offices, with employees working in a hybrid mode that has increased the complexity of the corporate network setup. IT admins have generally relied on RADIUS servers to enable secure user access to both WiFi or VPN, to help both remote and on-prem working models. 

Traditionally, RADIUS servers needed to be installed and managed on-prem to provide centralized authentication and authorization for users that use RADIUS services.

JumpCloud’s Cloud RADIUS, powered by the JumpCloud Directory Platform, has replaced the traditional on-prem server model with an on-demand cloud RADIUS solution that provides IT admins with the power of RADIUS without the burden on on-prem servers and management.

In addition, many organizations rely on Azure Active Directory as an access management component of their identity and access management program. While Azure AD assists organizations as they transition to a cloud-centered paradigm, it doesn’t include cloud-ready RADIUS access capabilities.

This creates a difficult situation for many IT admins, especially those in small to mid-sized enterprises (SMEs), who want to maximize access for their users while minimizing the number of vendors and siloed solutions necessary to make that happen. 

To help SME IT admins reduce complexity and overhead, JumpCloud recently released support for RADIUS authentication using Azure AD credentials.

What are the challenges of RADIUS with Azure AD?

To serve their resource access needs, admins can set up a Windows Network Policy Server (NPS) on-prem that can act as a RADIUS server enabling remote access to resources. However, the process involves a series of complex steps including:

  • Installing and provisioning the server
  • Configuring policies
  • Managing user access to the RADIUS server
  • Ongoing maintenance of the server including updating and patching. 

This creates a tremendous workload for admins and adds costs as they must manage a hybrid model of cloud + on-prem environments.

A better option for admins would be to use a dedicated cloud RADIUS service provider. However, this approach also adds additional complexity, as IT admins must manage user identities and their passwords across both the traditional Azure AD environment and in the cloud RADIUS solution itself.

Users must also manage their passwords within both Azure AD and the RADIUS access point. This adds administrative support costs as well as costs associated with compliance and audit, as passwords are managed in two different environments.

The problem can be solved by enabling users to access RADIUS with Azure AD credentials through a cloud RADIUS solution that supports delegated authentication.

Delegated authentication removes the need to duplicate passwords, login practices, and policies across multiple identity providers. It reduces admin workload for RADIUS access management, improves productivity, and reduces overall IT support costs – while also increasing end user productivity and satisfaction.

JumpCloud Cloud RADIUS with Azure AD

IT admins can now leverage JumpCloud’s Cloud RADIUS to deploy a virtual RADIUS server in minutes and enable secure user access to WiFi and VPN resources using their existing Azure AD credentials. It provides admins the power to extend their IT network while preserving Azure AD as the primary identity provider for RADIUS resources.

JumpCloud’s cloud RADIUS solution powered by the JumpCloud Directory Platform can help IT admins and users achieve:

  • Easy authentication – Users can use established credentials such as their Azure AD login to authenticate to RADIUS resources removing the need to remember multiple passwords.
  • Consolidated password management  – Users don’t have to create additional passwords (including within JumpCloud). This saves admins time and improves productivity.
  • Secure access – Admins gain peace of mind as this feature uses OAuth 2.0 for authorization and traffic between JumpCloud and Azure AD happens over a secure TLS communication channel.
  • Easy user provisioning –  IT admins can leverage Azure AD’s SCIM integration to import users to JumpCloud and to provision users to RADIUS without switching from Azure AD directory as the preferred source of identity and password. Any changes made in Azure AD will automatically be synchronized to JumpCloud with no manual intervention.
  • VLAN tagging – Admins can segment their IT network into multiple virtual networks with JumpCloud cloud RADIUS solution to enhance the network security and optimize performance.

Why should you use JumpCloud’s RADIUS solution with Azure AD?

While a RADIUS point solution may seem like a straightforward way to solve an organization’s IT network access requirements, the real issues come to light as IT needs keep expanding. The inherent weakness of these solutions shows up as additional vendors need to be on-boarded to address other gaps, which increases integration complexity and total cost of ownership.

JumpCloud cloud RADIUS offers the same RADIUS capabilities as these other point solutions, but its core strength lies in its ability to embrace RADIUS needs within the larger identity, access, and device management context.

JumpCloud’s open directory platform can consolidate all of your organization’s identity, access, and device management needs, including authenticating to RADIUS services into a single unified whole.

JumpCloud addresses the immediate need to authenticate to RADIUS services, while never acting as a barrier to whatever your future needs may be. It easily scales as you grow and eliminates the need for additional solutions and heavy integrations. JumpCloud empowers you to manage your users, devices, and identities while protecting your resources through a single cloud-based platform. 

How Do I Get Started?

If you’re new to JumpCloud and ready to get started, evaluate JumpCloud today! JumpCloud Free grants admins 10 devices and 10 users free through the  entirety of the product including delegated cloud RADIUS. Once you’ve created your JumpCloud account, you’re also given 10 days of Premium 24×7 in-app chat support to help you with any questions or issues if they arise.

You can check out our Setting up JumpCloud RADIUS Server guide to learn the steps to set up JumpCloud Cloud RADIUS. You can also follow our Azure AD SCIM server integration guide to start on connecting Azure AD with JumpCloud to import users using a real-time user import SCIM integration.

Krishnan Ramachandran

Continue Learning with our Newsletter