Certificate Based Authentication to RADIUS for Admins<\/a><\/p>\n\n\n\nPassword Authentication<\/strong><\/p>\n\n\n\n\nTo continue letting users authenticate with their username or email address and password, plus TOTP or PUSH, select Password<\/strong> as the authentication method.<\/li>\n\n\n\nThe MFA Configuration section will be available if using JumpCloud as the Identity Provider, and if Password is selected as the Authentication Method.<\/li>\n\n\n\n Configure Multi-Factor Authentication (MFA)<\/strong>\n\n\u200b\u200bToggle the MFA Requirement option to Enabled<\/strong> for this server. This option is Disabled by default.<\/li>\n\n\n\nSelect Require MFA on all users<\/strong> or Only require MFA on users enrolled in MFA<\/strong>.\n\nIf selecting Require MFA on all users<\/strong>, a sub-bullet allows for excluding users in a TOTP enrollment period, but this does not apply to JumpCloud Protect (users in a TOTP enrollment period who are successfully enrolled in Protect will still be required to complete MFA).<\/li>\n\n\n\nIf JumpCloud Protect is not yet enabled, users can select the Enable Now<\/strong> link.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\nPasswordless Authentication<\/strong><\/p>\n\n\n\n\nTo use certificate authentication, select Passwordless<\/strong>.\n\nOnce Passwordless<\/strong> has been selected, the Save<\/strong> button will be disabled until a certificate has been successfully uploaded (or the authentication method has been changed back to Password).<\/li>\n<\/ul>\n<\/li>\n\n\n\nIf desired, select Allow password authentication as an alternative method<\/strong>.\n\nIf this checkbox is selected, admins can enable certificates for some users while allowing others to continue validating by username or email address and password. Users will continue to have the option to validate by username or email address and password, but once they choose to validate with certificates and a valid certificate is found, the password option will no longer be presented.<\/li>\n\n\n\n The MFA Configuration section will be available if using JumpCloud as the Identity Provider, and Passwordless is selected as the Authentication Method, and the Allow password Authentication as an alternative method checkbox is selected.<\/li>\n<\/ul>\n<\/li>\n\n\n\n Configure Multi-Factor Authentication (MFA)<\/strong>\n\n\u200b\u200bToggle the MFA Requirement option to Enabled<\/strong> for this server. This option is Disabled by default.<\/li>\n\n\n\nSelect Require MFA on all users<\/strong> or Only require MFA on users enrolled in MFA<\/strong>.\n\nIf selecting Require MFA on all users<\/strong>, a sub-bullet allows for excluding users in a TOTP enrollment period, but this does not apply to JumpCloud Protect (users in a TOTP enrollment period who are successfully enrolled in Protect will still be required to complete MFA).<\/li>\n\n\n\nIf JumpCloud Protect is not yet enabled, users can select the Enable Now<\/strong> link.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n\n\n\nUploading a Certificate Authority<\/strong>\n\nTo upload your certificate, click on the Choose a File<\/strong> button, navigate to the file location, and select it for uploading.<\/li>\n\n\n\nOnce the file has uploaded successfully the file name will display on the screen and options will change to replacing or deleting the file. There is also an option to view the full CA chain.<\/li>\n\n\n\n Clicking Save<\/strong> will return the user to the main RADIUS screen, where the Certificate badge will display in the Primary Authentication column.Note<\/strong>: For more information about where and how to find trusted certificates outside of JumpCloud, see the RADIUS-CBA Tools for BYO Certificates white paper (PDF attachment; see files section on right).<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\nSelecting Users for Access to the RADIUS Server (User Groups tab)<\/h2>\n\n\n\n\nTo grant access to the RADIUS server, click the User Groups<\/strong> tab then select the appropriate groups of users you want to connect to the server.\n\nEvery user who is active in that group will be granted access.<\/li>\n<\/ul>\n<\/li>\n\n\n\n Click Save<\/strong>.<\/li>\n<\/ul>\n\n\n\n <\/p><\/div>
Note:<\/strong> \nUsers who are being granted access to a RADIUS server that will authenticate with the IdP of Entra ID must be imported into JumpCloud and then assigned to a User Group.<\/p>\n <\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"
Through JumpCloud, your organization can create a cloud RADIUS server without the hassle of physical servers. You can quickly roll […]<\/p>\n","protected":false},"author":204,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2845,2897],"support_tag":[],"coauthors":[2838],"acf":[],"yoast_head":"\n
RADIUS Configuration and Authentication - JumpCloud<\/title>\n \n \n \n \n \n \n \n \n \n \n \n \n \n\t \n\t \n\t \n