Backend FreeRADIUS with Directory-as-a-Service

Written by Zach DeMeyer on June 1, 2020

Share This Article

With an overall move of IT towards cloud-based infrastructure, some are curious if there’s a directory service delivered as-a-Service that they can use to backend RADIUS. RADIUS is one of the most widely used protocols to control access to network and infrastructure. 

Many organizations leverage FreeRADIUS as an open source RADIUS server. Regardless of how it’s implemented, RADIUS can be set up as the authentication directory all by itself. Many organizations instead employ a dedicated directory service as the backend source of identities.

Using RADIUS to Lock Down WiFi Access

While RADIUS works with virtually all of your network infrastructure (e.g. switches, routers, VPNs, etc.), let’s focus on one primary use case and benefit: leveraging RADIUS to lock down your WiFi access points.

WiFi is among the most common methods for employees to access the corporate network. One challenge is that a single SSID password for all users, sometimes called a private pre-shared key, is not secure enough.

Organizations need to lock down their networks to keep unauthorized users away from critical data, and the best way to do that is to tie access to individual corporate identities. RADIUS acts as a proxy between a directory of corporate identities and networking equipment, to require a unique identity to access the network.


FreeRADIUS is an open-source installation of RADIUS that can be run on a local server. This makes FreeRADIUS a primary choice for many organizations who want to use RADIUS to secure their WiFi access with little upfront cost.

FreeRADIUS (and RADIUS in general) can also be used to require unique credentials for connections to virtual private networks (VPNs). With recent increases in remote work, securing VPNs for access to office resources is critical to keeping organizational data safe.

Unfortunately, FreeRADIUS can be technically difficult to configure and support as organizations scale. Additionally, organizations need to pay the capital expenses of server hardware (versus smaller operational expenses of an Infrastructure-as-a-Service subscription) to run RADIUS, including building RADIUS failovers and redundancy. 


JumpCloud’s RADIUS-as-a-Service offers cloud RADIUS backed by the first cloud Directory-as-a-Service (DaaS). RADIUS-as-a-Service leverages preconfigured FreeRADIUS servers to provide network security to any organization, regardless of their environment or location. 

Administrators use the Directory-as-a-Service Admin Console to create their users and groups and then connect those users/groups to the network through RADIUS-as-a-Service. JumpCloud’s cloud RADIUS functionality even includes the ability to dynamically assign VLANs based on groups. Every user on the network logs in using unique credentials. The same rings true for VPN connections, to which admins can apply multi-factor authentication (MFA) for even tighter security.

With RADIUS-as-a-Service, users enter their credentials into their supplicant (their computer or mobile device) only once — after that, they’ll jump on to the network automatically.

Should You Backend FreeRADIUS with DaaS?

If you employ FreeRADIUS already but would prefer to leverage it from the cloud, take a look at JumpCloud’s Directory-as-a-Service. The SaaS-based directory service is one of the easiest, most efficient ways to implement directory services.

You can try it out for yourself by signing up here. Your first 10 users and 10 systems are free forever — no credit card required. We also include 10 days of our premium, 24×7 chat support at no cost to get you up and running right away.

Zach DeMeyer

Zach is a Product Marketing Specialist at JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, music, and soccer.

Continue Learning with our Newsletter