By Ryan Squires Posted February 27, 2019
Okta® has dabbled in providing RADIUS authentication services for a while now. It seems that Okta provided a cloud RADIUS offering many years ago and then moved in a different direction. It now appears that they may have resurrected their RADIUS offering with an on-prem RADIUS agent that IT organizations need to install on a Windows® server. Unfortunately, the solution that Okta appears to have come up with is far from the cloud-based RADIUS infrastructure that most IT admins envision.
RADIUS, Directories, and VLANs in the Cloud
Ideally, the RADIUS infrastructure that IT organizations are searching for enables them to offload the entire process of implementing, configuring, and securing FreeRADIUS to a third party. Unlike with Okta, there would be no RADIUS server on-prem. The solution would then be available from the cloud and accessible anywhere. Further, because RADIUS requires integration with an identity provider, often Microsoft® Active Directory® or OpenLDAP™, that process should be offloaded as well. For sophisticated, security-minded organizations, there is one final piece to this equation: the option to leverage VLANs (virtual local area networks) to place users in the proper VLAN segments is another critical feature that should be implemented and delivered from the cloud.
Typical RADIUS Use Case
For most organizations, the use case surrounding RADIUS has to do with stepping up their WiFi and VPN security. The reasons they’re seeking to accomplish this are simple. Most organizations simply utilize a shared SSID and passphrase for WiFi, which leaves them vulnerable to attack. Conceptually, a simple way to increase security is to require users to authenticate with their core identity, that is, the identity they use to log in to their workstations. It’s unique to them, and nobody else should know it. The challenge with this approach is that it requires a number of moving parts for IT organizations, including a FreeRADIUS server, integration with an IdP, and endpoint configuration. For busy IT admins, that’s a lot of work.
Okta RADIUS is On-Prem, This is Not
Thankfully, a new generation of cloud RADIUS is emerging to solve these issues and shift the entire infrastructure to the cloud. That means a global network of FreeRADIUS servers, integrated with an onboard identity provider, is ready and awaiting deployment at a moment’s notice. There is also no need to continually adjust endpoint clients or install any supplicants. It’s a huge boon for network security and a major timesaver for IT admins.
Called Directory-as-a-Service®, this cloud RADIUS service is a completely virtual implementation and an alternative to Okta RADIUS. There is no need to install anything on a Windows Server living in your closet; it’s ready to go when you are. Further, JumpCloud® Directory-as-a-Service comes out of the box with the ability to virtually segment networks so that individuals, groups, or entire departments have their own chunk of the network. Should one segment get compromised, the entire infrastructure isn’t put at risk. These are just a few aspects of the product; JumpCloud also features LDAP-as-a-Service, system management via GPO-like Policies, multi-factor authentication (MFA), Office 365™ / G Suite™ integration, and so much more.
Learn More About JumpCloud Today
Okta RADIUS is not a cloud-based solution, so if your goal is to go all cloud, then give JumpCloud a try for free. When you sign up you instantly gain access to the full-featured version of Directory-as-a-Service complete with the ability to manage up to 10 users, all at no cost. If you would like to discuss further options, feel free to drop us a line. Or if you’re eager to just get your hands dirty, pay a visit to our Knowledge Base.