How to configure Privileged Access Service for RADIUS

Privileged Access Service supports RADIUS in two ways. The first is to use the Centrify Connector as a RADIUS server for clients that support RADIUS authentication, such as VPNs. Using Privileged Access Service with your RADIUS client, you can provide a second authentication layer for added security. For example, if a VPN concentrator uses RADIUS for authentication, you can configure email as a secondary authentication requirement. A typical work flow is when a RADIUS client (like a VPN server) uses the Centrify Connector as a RADIUS server to authenticate an incoming user connection. Depending on the user type, the connector authenticates the credentials either through Active Directory or Privileged Access Service and returns the authentication result to the RADIUS client. This diagram shows the work flow. See Configuring the Centrify Connector for use as a RADIUS server for configuration details.

The second way to use RADIUS with Centrify is to use your existing RADIUS server for user authentication into Privileged Access Service by defining the Centrify Connector as a RADIUS client. When users attempt to log in to Privileged Access Service and selects an external RADIUS server as a multi-factor authentication (MFA) mechanism, we send the user credentials (username and passcode) to the connector, which validates them against the configured RADIUS server, and returns the result of that validation to Privileged Access Service . This diagram shows the work flow. See Configuring the Centrify Connector for use as a RADIUS client for configuration details.