By Rajat Bhargava Posted November 30, 2016
First-generation IDaaS (Identity-as-a-Service) providers focused only on web application single sign-on (SSO). That made a lot of sense, since most of the identity and access management function was taken care of by Microsoft Active Directory®.
These web application SSO providers built their solutions on top of Active Directory. AD would be the core, authoritative user management platform and federate identities to the web app SSO provider. This worked well when everything was on-prem and Windows-based.
But as the IT landscape shifted and more capabilities were needed, this model didn’t work so well. One feature that admins were looking for was cloud RADIUS functionality within IDaaS. Cloud RADIUS capabilities are critical to include in any next-generation cloud identity management platform.
Why is RADIUS Important?
As more IT networks are delivered over WiFi, security of the network becomes more critical. As IT admins know, WiFi networks are largely insecure. A shared SSID and passphrase are far too easy for somebody to obtain. The result is that malicious individuals could easily gain access to the network and begin to attack systems and applications from the inside. That’s a scary thought for most IT organizations.
The approach to stem this threat is to implement a FreeRADIUS server and connect it to the directory service. By taking this approach, each user must uniquely authenticate to the WiFi network. The user only needs to enter their core credentials once into the supplicant that sits on the user’s machine. It should be noted that those credentials can be the ones used for G Suite or Microsoft Office 365 identities. From there, everything is automated each time the user logs into the WiFi network. The wireless access point receives the user’s credentials and forwards them to the cloud RADIUS server. After that, the RADIUS server validates the credentials with the directory service. If the user’s credentials check out, they are allowed onto the network. This approach ensures that each person who logs into the network must have credentials within the directory service. By leveraging a virtual RADIUS service, the IT organization has dramatically stepped up the security of the network.
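The move from a shared passphrase to per-user RADIUS authentication described above, shown as access point configuration. This is an added example, not from the original article; it assumes a Linux access point running hostapd, and the interface, SSID, addresses, NAS name and secrets are placeholders.

```ini
# Constructed hostapd.conf fragments for illustration. These are two
# alternative configurations for the same SSID, not one file.

# --- Before: a single passphrase shared by everyone who knows it ---
interface=wlan0
ssid=corp-wifi
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=REPLACE_WITH_SHARED_PASSPHRASE

# --- After: every user authenticates individually through RADIUS ---
interface=wlan0
ssid=corp-wifi
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
# Enable 802.1X so the access point relays the supplicant's EAP exchange
# instead of checking a passphrase itself.
ieee8021x=1
# How this access point identifies itself to the RADIUS server.
own_ip_addr=192.0.2.20
nas_identifier=ap-lobby-01
# RADIUS server that validates each user against the directory service.
# 192.0.2.10 is a documentation address standing in for the real server.
auth_server_addr=192.0.2.10
auth_server_port=1812
auth_server_shared_secret=REPLACE_WITH_LONG_RANDOM_SECRET
# Accounting gives a per-user record of who joined the network and when.
acct_server_addr=192.0.2.10
acct_server_port=1813
acct_server_shared_secret=REPLACE_WITH_LONG_RANDOM_SECRET
```

The RADIUS shared secret authenticates the access point to the server, so it should be long, random and unique per access point; it is not a user credential.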
Conventional RADIUS Requires Effort & Maintenance
Of course, there are challenges with adding RADIUS to the network. The primary problem for IT organizations is how to enable this functionality without the heavy lifting of installing, configuring, and maintaining the RADIUS server. Connecting the RADIUS server to the directory service can be painful as well. Selecting the right RADIUS protocol for authentication and security can be complex, too.
All of this extra effort is why most organizations don’t leverage RADIUS within their environments.
An Easier Way to Implement RADIUS
Next-generation IDaaS solutions like Directory-as-a-Service® include RADIUS-as-a-Service capabilities. In this model, the entire RADIUS infrastructure is delivered from the cloud as a service. IT admins simply point their WAPs to the virtual RADIUS server. In addition, Directory-as-a-Service includes the cloud directory on-board, so there is no integration work to be done between the RADIUS server and the identity provider. This saves a significant amount of effort. As a complete cloud RADIUS offering, IDaaS solves a critical security issue for IT organizations.
Are You Ready to Upgrade to Cloud RADIUS?
If you would like to learn more about IDaaS and cloud RADIUS, drop us a note. We’d be happy to walk you through the benefits of stepping up your WiFi security. Or, sign up for a free account and try it for yourself. Your first 10 users are free forever.