Note: This integration does not support the use of Push. You will need to use OTP.
Setting up MFA for RADIUS is a requirement for this integration. Please see this article for more information.
Configuring NPS to support RADIUS Authentication
- Go to the Start Menu and click onAdministrative Tools.
- Go to Network Policy Server(NPS)
- ExpandRADIUS Clients and Servers.
- HighlightRemote RADIUS Server Groupsand right click > New.
- Name the group, then clickAddto add a radius server.
- Type in the Address of the RADIUS agent.
- Click on theAuthentication/Accountingtab to configure the RADIUS Server options.
- Type in the Shared Secret that has been configured in the RADIUS Agent
- Click on theLoad Balancingtab to configure the RADIUS timeout.
- UnderAdvanced Settings, setNumber of seconds without response before request is considered droppedfrom the default of 3 to a higher value, (10 seconds or higher is recommended), and clickOK.
- ClickOKto create the RADIUS server group.
- ExpandPolicies, then Connection Request Policies.
- Right click onVirtual Private Network (VPN) Access Policy> clickProperties.
- Click on theSettingstab, then click Authentication.
- Select Forward requests to the following remote RADIUS server group for authenticationand select the RADIUS server group that you created from the list.
- Repeat steps 12 16 for all other policies with the sourceRemote Access Server (VPN-Dial up).
- ClickNetwork Policies, then highlightVirtual Private Network (VPN) Access Policyand right click> Properties.
- Click on theConstraintstab, then click Authentication Methods.
- Deselect all methods exceptPAPand User can change password after it has expired,then clickOK.
- Restart the NPS service by highlightingNPSand right click > Stop NPS Service, then right click > Start NPS Service.
See this article for configuring the connection to the VPN.