RADIUS 2FA

By Zach DeMeyer Posted May 31, 2019

As IT organizations leverage VPNs and WiFi, many are trying to level up their security to access network resources. Traditionally, the necessary physical proximity of users to the network effectively added a second factor to security to the authentication process. But now, with users accessing far flung networks from anywhere in the world, IT admins and DevOps engineers are looking to level up security through RADIUS 2FA (two factor authentication) capabilities.

Why 2FA?

2FA works by adding a second factor—often a pin or token—that is entered at the time of log in, usually along with a user’s credentials. Of course, the use of 2FA in just about any situation is a positive. While the extra step to authentication may cause end users to complain, the truth is that adding an additional factor to any login dramatically reduces the chances of a breach or identity compromise.

The addition of a second factor for access to networks via VPNs can be game changing. Modern uses of VPNs include connecting users to their production infrastructure and/or development and staging environments in the cloud. These “networks” house some of an organization’s most valuable data and applications, so adding a second factor to the authentication process makes a lot of sense.

Traditional Network Security

Historically, VPNs have preferred to authenticate users leveraging the RADIUS protocol. Usually, IT admins or DevOps engineers backend their VPN infrastructure with a RADIUS server, which bridges authentication to the core identity provider, often Microsoft® Active Directory®.

The challenge with RADIUS has been that there are a number of additional components required to implement, along with extensive configurations, and integration with networking gear and the directory service. Ultimately, with all of these moving parts, a RADIUS infrastructure can be brittle.

RADIUS 2FA Solution

The good news is that as more and more IT management infrastructure moves to the cloud, there is a solution that IT admins can leverage that is a cloud hosted RADIUS server with 2FA capabilities. DevOps engineers and IT admins point their VPN or WiFi network to this virtual RADIUS-as-a-Service, which has an integrated directory service to streamline authentication. Additionally, IT admins using this solution can require 2FA when accessing the VPN network through RADIUS.

This RADIUS-as-a-Service is a part of JumpCloud® Directory-as-a-Service®. Directory-as-a-Service is a cloud identity provider with integrated LDAP and SAML SSO (single sign-on), system management capabilities, RADIUS authentication, and more. As a core identity provider and RADIUS-as-a-Service, JumpCloud completely eliminates the need for an on-prem directory service like AD.

Try RADIUS 2FA Free

You can use JumpCloud Directory-as-a-Service today, absolutely free for ten users or less. Simply sign up for the product, and you will receive full reign over Directory-as-a-Service with your free users, forever. After you’ve tried out the comprehensive cloud directory service, check out our Pricing page to see how you can scale it to your organization. Please contact us to learn more.

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.

Recent Posts