Configuring the Centrify Connector for use as a RADIUS client

You can use your existing RADIUS server for user authentication into Privileged Access Service by enabling communication between your RADIUS server and the Centrify Connector (acting as a RADIUS client). The high-level steps are:

  1. Configure the RADIUS server to recognize the connector as a valid RADIUS client. See Configuring a RADIUS server.
  2. Make configuration changes in Admin Portal to add RADIUS server information, designate the connector as a RADIUS client, and define your authentication requirements to include RADIUS. See Configuring the Admin Portal (connector as a RADIUS client).

If you have multiple connectors enabled for use as RADIUS clients, Privileged Access Service prioritizes connection with the connectors in the following order:

  1. Connectors from the same IP address as the user
  2. A randomly chosen connector, if more than one is from the same IP address as the user
  3. The connector with the best subnet match
  4. A randomly chosen connector, if none of the above are available

Configuring a RADIUS server

You configure the RADIUS server to recognize the connector as a valid RADIUS client. The following RADIUS server configuration procedures use the RSA Authentication Manager’s RADIUS interface as an example. Your procedure may differ slightly if you are using a different RADIUS server.

At a high level, you need the following information regardless of the RADIUS server:

  • IP address of the Centrify Connector
  • The secret key that you provide to both the RADIUS server and Admin Portal (the two entries must match exactly)
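
Why the exact match matters, as an added example (not Centrify or RSA code): per RFC 2865, a RADIUS client validates each reply by recomputing the MD5 Response Authenticator over the packet and its own copy of the shared secret, so any difference, even a trailing space, makes the client discard the reply. The secrets, packet ID and Reply-Message text below are constructed sample values, and the function names are illustrative.

```python
import hashlib
import hmac
import os
import struct

ACCESS_ACCEPT = 2  # RADIUS packet code for Access-Accept (RFC 2865)


def response_authenticator(code, ident, request_auth, attributes, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865."""
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    return hashlib.md5(header + request_auth + attributes + secret).digest()


def build_response(code, ident, request_auth, attributes, server_secret):
    """Server side: build a reply authenticated with the server's secret."""
    auth = response_authenticator(code, ident, request_auth, attributes,
                                  server_secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    return header + auth + attributes


def client_accepts(packet, request_auth, client_secret):
    """Client side: recompute the authenticator with the client's secret."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    received, attributes = packet[4:20], packet[20:]
    expected = response_authenticator(code, ident, request_auth, attributes,
                                      client_secret)
    return hmac.compare_digest(received, expected)


def check_secret_pair(server_secret, client_secret):
    """Return True if a reply built by the server verifies on the client."""
    request_auth = os.urandom(16)  # Request Authenticator from the client
    attributes = bytes([18, 9]) + b"welcome"  # Reply-Message (type 18)
    packet = build_response(ACCESS_ACCEPT, 1, request_auth, attributes,
                            server_secret)
    return client_accepts(packet, request_auth, client_secret)


if __name__ == "__main__":
    server = b"constructed-secret"  # constructed sample value
    for label, client in [("identical", b"constructed-secret"),
                          ("trailing space", b"constructed-secret ")]:
        print(f"{label:15} accepted={check_secret_pair(server, client)}")
```

A reply that fails this check is dropped without any error reaching the user, so a mismatched secret typically shows up as an authentication timeout rather than an explicit rejection.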

Configuring the Admin Portal (connector as a RADIUS client)

Make configuration changes in Admin Portal to add the RADIUS server information, designate the connector as a RADIUS client, and define your authentication requirements to include RADIUS.