Overview of RADIUS-as-a-Service

What is RADIUS?

RADIUS is an acronym that stands for Remote Authentication Dial In User Service. It’s a protocol standard that’s been around since 1991, hence the “Dial In” part of the name. Even though very few of us use dial in for network connections today, RADIUS still enjoys wide use solving a particular type of problem; that of authenticating and authorizing users to login to a remote network.  

Why JumpCloud’s RADIUS?

Configuring and implementing Cloud RADIUS in your organization allows users to authenticate to WiFi using their JumpCloud credentials (username, email address, and password) without requiring a separate password. Cloud RADIUS improves the efficiency and security of WiFi access controls, with the added contingency to be able to revoke user access at any time.

Cloud RADIUS comes equipped with pre-built, pre-configured, scalable, and fully managed RADIUS servers, with the option to add as many additional RADIUS servers as you like.

RADIUS servers provide WiFi network access control, as well as authentication for VPN, devices, servers, and applications.

Note:

Each RADIUS server provides control for a single WiFi network. If you want multiple WiFi networks, you will need multiple RADIUS servers.

Overall, Cloud RADIUS complements JumpCloud’s suite of Directory services by providing an additional way to authenticate WiFi access control to many users.

Note:

Your organization can now also enable RADIUS access using Entra ID credentials.

Learn More: RADIUS Configuration and Authentication

Features

  • Authenticates users with their JumpCloud account, or third party IdP (Entra ID) credentials, further centralizing your identity management.
  • Configuration will allow for provisioning and removal of RADIUS servers in seconds.
  • Fine-grained access control for each user on your network.
  • Flexible security and connection options - JumpCloud RaaS servers offer both EAP-TTLS/PAP and PEAP (MSCHAPv2) for authentication.

Learn More: RADIUS Technical Considerations and Protocol Support

  • Temporary access controls - vendors, clients, and traveling employees get the access they need, each with their own username, email address, and password.
  • Supports multiple clients - including but not limited to: Linux, OS X, Windows, Android, iOS, and Windows Phone.


Server Security Features:

  • Shared Secret - allows the access point to authenticate JumpCloud’s servers and for JumpCloud’s servers to authenticate the endpoint.
  • Public IP - allows JumpCloud to authenticate that the request is coming from the customer’s network, so that even if the shared secret is compromised, another attacker would have to have internal network access to leverage it.
  • Certificate Trust - allows the client to authenticate both the WAP and the JumpCloud service, so that a malicious actor cannot set up a rogue access point to try to fool end users into joining and sharing authentication data that way.
  • Multifactor Authentication - allows for a second layer of authentication for users attempting to access the server.

Note: MFA is not supported when authenticating through an IdP other than JumpCloud, or when using certificate authentication.

Resources

Server IP Addresses 

Please refer to Configuring a Wireless Access Point (WAP), VPN or Router for JumpCloud's RADIUS which is further cited below for a list of our current server IP addresses.

Additional Resources

As you look at configuring your RADIUS authentication solution for your end users, you can refer to JumpCloud's additional documentation resources for more information and steps.  For setup you will need to consider the configuration for JumpCloud, the authentication device (WAP, Router, VPN, etc.) as well as the client devices connecting (systems, mobile devices, etc.).

When you're configuring client devices for authentication using EAP-TTLS/PAP, refer to the following articles for specific WiFi profile configuration information for Windows and Apple devices.  

Note: Explicit instructions have been provided for EAP-TTLS due to client configuration being required, but generally PEAP will not require additional setup on the client system. For other devices, please refer to your vendor documentation to confirm support and configuration for EAP-TTLS/PAP and be sure to include the client security certificate in the configuration.

Back to Top

List IconIn this Article

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case