RADIUS Server Without Active Directory

Written by Zach DeMeyer on November 24, 2019

Share This Article

Updated on May 11, 2023

Can you implement a RADIUS server without Active Directory (AD) back-ending it? For a long time in IT, admins used the on-prem directory service as the source of user data for their RADIUS servers, ensuring their networks were as secure as possible. With the prevalence of the cloud in the IT landscape, however, on-prem server functions seem to be going out of style. So, the question becomes: how do you shift RADIUS to the cloud without AD back-ending it?

Why RADIUS?

When compared to traditional methods, using RADIUS — or the Remote Access Dial-In User Service — allows organizations to tighten up their network security more thoroughly. Many organizations implement RADIUS to require a unique set of credentials to authenticate users to WiFi networks, which, when used in addition to just a shared WPA key, reduces the likelihood of a network breach.

RADIUS also enables the use of multi-factor authentication (MFA) on VPN connections. Although MFA is a more recent trend, securing VPNs was one of RADIUS’s core use cases.

Managing RADIUS Access through AD

In order to properly authenticate access, RADIUS requires a directory to compare relayed credentials against. Most RADIUS servers can authenticate against user credentials stored within it, but the process is made more secure by leveraging the core identity from a directory service. Given that AD has dominated the directory services scene since its inception, it made sense to pair it with RADIUS. Plus, historically, RADIUS servers are generally housed on-prem, which puts it directly in the range of the AD domain controller’s reach. 

In fact, Microsoft created its own RADIUS-like solution called Windows NPS to provide RADIUS-like capabilities to the AD domain. For much of the early 21st century, IT admins equipped with Active Directory and NPS or a standalone RADIUS server, such as FreeRADIUS, could rest assured that they had tightly controlled network access.

The Cloud Changed Everything

Although they don’t have direct interactions with RADIUS, the host of cloud applications and infrastructure that has risen in prevalence in the modern IT landscape has changed the way RADIUS is viewed. In spite of their advancements in productivity and collaboration, these cloud-based resources have put a strain on AD-centric IT organizations. 

Due to this, some organizations have started to rethink their directory service options. This decision ultimately trickles down to on-prem RADIUS servers as well.

After all, many server functions have been offloaded to the cloud (i.e. infrastructure/data centers in AWS, Azure, GCP, etc.), so it’s natural to consider shifting RADIUS as well. Of course, simply hosting FreeRADIUS on a cloud server in AWS doesn’t preclude IT organizations from the work of managing, configuring, and updating their RADIUS implementations.

RADIUS Without Servers

Organizations looking to move their infrastructure to the cloud need a way to use RADIUS without Active Directory — or servers altogether. By implementing RADIUS integrated with a cloud directory service, IT organizations can reap much of the benefits of RADIUS authentication with barely any of the heavy lifting and legwork.

All of this and more are possible with JumpCloud’s open directory platform. The first cloud directory service of its class, JumpCloud features baked-in Cloud RADIUS, which leverages a global network of cloud-hosted FreeRADIUS servers to alleviate the burden of implementation from the shoulders of IT admins and network engineers. This includes the addition of RADIUS MFA for securing VPNs.

Beyond online RADIUS servers, JumpCloud is fully fledged with respect to user and device management, as well as authentication to applications and servers via SAML and LDAP. With JumpCloud, IT organizations can essentially replace their on-prem AD instance with a modern directory completely hosted in the cloud.

Try JumpCloud Cloud RADIUS

If you’re ready to secure your network with a cloud RADIUS server that provides interoperability and Zero Trust security, sign up today for a JumpCloud account. It’s free for up to 10 users or devices. If you’d like additional information, feel free to consult JumpCloud’s Knowledge Base, or drop us a line.

Zach DeMeyer

Zach is a Product Marketing Specialist at JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, music, and soccer.

Continue Learning with our Newsletter