JumpCloud RADIUS lets users securely authenticate their devices to WiFi, VPN, or other supported networks using JumpCloud. There are 3 available RADIUS configurations at JumpCloud that vary in complexity based on your preferred authentication method. With password-based authentication, users authenticate with the same credentials they use to access their other JumpCloud-protected resources (for example, the JumpCloud User Portal and SSO applications).
Password-based authentication is the default authentication method for JumpCloud RADIUS.
JumpCloud supports the following RADIUS configurations, differentiated by the method with which users authenticate on their devices:
- Password-based authentication (WiFi or VPN)
- Users authenticate to networks with their JumpCloud username or email address and password.
- Reduces the need for additional configuration on end-user devices.
- Passwordless-based authentication (WiFi)
- AKA certificate-based authentication (CBA); this authentication method for RADIUS requires additional configuration steps to connect end-user devices to networks.
- This method requires devices to connect using EAP-TLS.
- Delegated authentication with Entra ID (WiFi)
- Use JumpCloud RADIUS solely as the authentication server and maintain Entra ID as the identity provider (IdP).
- Delegated auth is still password-based, but user credentials are managed in Entra ID.
- This method requires devices to connect using EAP-TTLS/PAP.
- For more information about the RADIUS protocol and JumpCloud’s implementation, see Overview of RADIUS-as-a-Service.
- For in-depth technical details such as supported protocols and MFA support, see RADIUS Technical Considerations and Protocol Support.
Configuring JumpCloud RADIUS
Configuring JumpCloud RADIUS involves multiple steps including the JumpCloud configuration, the networking equipment configuration, and potentially the end-user device configuration depending on your chosen solution within your environment. The following serves as an overview of the process:
- Select the RADIUS configuration appropriate for your environment:
- Passwordless / CBA
- Delegated Auth with Entra ID
- Based on your preferred authentication method, configure your JumpCloud RADIUS server:
- Next, configure your network hardware to use the JumpCloud RADIUS server:
- For generic configuration applicable to multiple vendors:
- Vendor specific configurations:
- Lastly, configure your endpoints to connect using JC RADIUS:
- WiFi: if you selected Password-based authentication, no further configuration should be necessary. Users will connect from their end-user devices with JumpCloud credentials and will not require any additional configuration on their end-user devices. See Configure your WiFi Clients to use RADIUS for more information.
- VPN: if you selected Password-based authentication, any additional configuration between your VPN service and your end-user device is required based on the specifics of your vendor.
- If you selected Passwordless-based authentication / CBA, see the following information:
- If you selected Delegated Authentication with Entra ID, configure your endpoints to use EAP-TTLS/PAP: