RADIUS authentication has been proven to significantly enhance network security. The challenge is that RADIUS servers have historically been on-prem implementations that are typically ancillary to an on-prem identity management infrastructure. This legacy approach can feel antiquated in the modern era of cloud computing. As a result, many IT organizations have chosen to leverage a web-based RADIUS server instead. How is this possible? Read on for an in-depth explanation, but let’s start with the basics.
What is RADIUS?
The Remote Authentication Dial-In User Service, otherwise known as RADIUS, is a network authentication protocol that is used to manage user access to remote networks. When paired with a core identity provider (a.k.a., a directory services platform), RADIUS offers centralized authentication, authorization, and accounting for requests sent over a network. The key advantage with RADIUS authentication is that IT can leverage core user identities to manage access to a RADIUS-protected network on an individual basis. In doing so, IT can ensure that only the correct users can access the RADIUS-enabled network.
What is a RADIUS Server and How Does it Work?
A RADIUS server is essentially a server that is dedicated to RADIUS authentication. RADIUS authentication follows the client/server model. In this model, the client is any RADIUS-enabled networking device, and the server is the RADIUS server.
As previously mentioned, RADIUS servers are typically adjunct to a core directory database (a.k.a., an identity provider). This enables the RADIUS server to leverage the core directory database as the source of truth for authenticating user identities. At a high level, when a user attempts to access a RADIUS-protected network, they are challenged to provide the username and password associated with their core user identity (which is stored in the core directory database). Upon submission, the user credentials are routed from the user's device to a RADIUS-enabled WAP or switch via a supplicant, then on to the RADIUS server for authentication. Once received, the RADIUS server authenticates the user credentials against the core directory database.
Essentially, if the credentials submitted by the user attempting to access the RADIUS-protected network match the credentials associated with their core user identity, then the RADIUS server will authorize the network connection. If the credentials do not match, the RADIUS server will reject the user request for network access, which results in the client being unable to establish a network connection.
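The exchange described above can be shown at the packet level. The following is an added example, not code from this article or from JumpCloud, and it goes beyond the text by using the simplest case in RFC 2865 (a User-Password attribute); 802.1X deployments carry EAP messages instead. The function names, the shared secret, and the dictionary standing in for the core directory are assumptions made for illustration.

```python
import hashlib, hmac, os, struct
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # RFC 2865 attribute types

def hide_password(data, secret, authenticator, reveal=False):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        result = bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        out, prev = out + result, (block if reveal else result)
    return out

def build_access_request(ident, username, password, secret):
    """Packet the WAP or switch (the RADIUS client) sends on the user's behalf."""
    authenticator = os.urandom(16)                       # Request Authenticator
    pw = password.encode()
    pw = pw.ljust(max(16, -(-len(pw) // 16) * 16), b"\x00")  # null-pad to 16-byte blocks
    name = username.encode()
    attrs = bytes([USER_NAME, len(name) + 2]) + name
    attrs += bytes([USER_PASSWORD, len(pw) + 2]) + hide_password(pw, secret, authenticator)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def parse_attributes(packet):
    attrs, pos = {}, 20                                  # attributes follow the 20-byte header
    while pos + 2 <= len(packet):
        kind, size = packet[pos], packet[pos + 1]
        if size < 2 or pos + size > len(packet):
            raise ValueError("malformed attribute")
        attrs[kind] = packet[pos + 2:pos + size]
        pos += size
    return attrs

def handle_access_request(packet, secret, directory):
    """Server side. `directory` is a constructed dict standing in for the identity provider."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    attrs = parse_attributes(packet)
    user = attrs.get(USER_NAME, b"").decode(errors="replace")
    pw = hide_password(attrs.get(USER_PASSWORD, b""), secret, packet[4:20], reveal=True).rstrip(b"\x00")
    stored = directory.get(user)                         # directory is the source of truth
    ok = bool(pw) and stored is not None and hmac.compare_digest(pw, stored.encode())
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    return header + hashlib.md5(header + packet[4:20] + secret).digest()

def reply_is_authentic(reply, request, secret):
    """Client side: trust a reply only if its Response Authenticator verifies."""
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])
```

The network device should grant access only when the reply code is Access-Accept and `reply_is_authentic` returns true, since the Response Authenticator is what ties the answer to the shared secret and to the original request.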
Typical Challenges with RADIUS
Of course, the challenge is that RADIUS servers are typically on-prem implementations that are adjunct to an on-prem directory services platform such as OpenLDAP™ or Microsoft® Active Directory (MAD or AD). Solutions such as these are often found at the core of an IT organization’s identity management infrastructure, which has also historically been on-prem. As a result, IT admins generally require an on-prem implementation of AD or OpenLDAP in order to implement RADIUS. This setup can be difficult and costly to achieve, and most modern organizations would rather shift their on-prem identity management infrastructure to the cloud.
RADIUS Authentication as a Cloud-based Service
Learn More About Web-based RADIUS Servers
The ability to set up a web-based RADIUS server is a core aspect of the JumpCloud offering. Sign up for a free JumpCloud Directory-as-a-Service account today to see our RADIUS functionality in action. In fact, you can demo the full functionality of the JumpCloud platform for free, and we even offer 10 free users to help you get started. Don’t hesitate to contact JumpCloud if you have any questions. You can also check out the following video to learn a few of the best practices for WiFi security.