
How to add a Radius App


Remote Authentication Dial-In User Service (RADIUS) is a client-server protocol and software used to centrally authenticate and authorize users attempting to access a network. It acts as a central point that verifies user credentials before network access is granted, and it performs authentication, authorization, and accounting (AAA) for users trying to connect to a network, for example through Wi-Fi or VPNs.

miniOrange enables several different protocols for your applications, such as SAML, WS-FED, OAuth, OIDC, JWT, RADIUS, and more. We provide MFA or adaptive authentication solutions for RADIUS apps like Fortinet VPN, SonicWall VPN, AWS Workspaces, and many more.

Let’s configure your application now.

  • Log in to the miniOrange Admin Console.

  • Click on Apps to view the list of all configured applications, with the option to modify them.
  • Click Add Application.

  • From the All Apps dropdown, choose RADIUS (VPN).

  • Search for your application in the list. If your application is not found, search for radius, and you can set up your app via Radius Client.

  • Configure the following details in the Basic settings tab.

    Display Name: Any name for your reference.
    Client IP: The IP address of the VPN server that will send the RADIUS authentication request.
    Shared Secret: Security key, e.g. "shared-secret". Keep this with you; you will need to configure the same value on the VPN server.
    Include Password & OTP in the same Request: Check this option for clients that take the password and the OTP in the same request. Otherwise, keep it unchecked.
  • Configure the Advanced settings for the AWS Workspace VPN Client as required.

  • After configuring the above details, click on the Save button.
  • Go to the Attributes tab of the Radius Client.
  • You will see an option to Send Custom Attributes in response – check this if you want to send user groups as Vendor-Specific Group Attributes.
  • Under Attribute Mapping, it shows No Attribute Added if no attributes are configured yet.
  • To add attributes, click Add Attribute.

  • Next, navigate to Policies and click Add Policy. Provide the policy details:

    Group Name: Group for which the policy will apply.
    Policy Name: Any identifier that specifies the policy name.
    First Factor: Login method for the users associated with this policy.
    Enable 2-Factor Authentication (MFA): Enables a second factor during login for users associated with this policy.
    Enable Adaptive Authentication: Enables Adaptive Authentication for the login of users associated with this policy.

  • Once all the details above are entered, click the Submit button. The new policy will appear in the list.

  • Copy and save the Radius server IPs that will be required to configure your Radius client.

      NOTE: Complete the steps below to open the firewall ports before testing the connectivity.

    • To receive RADIUS requests, UDP traffic on ports 1812 and 1813 must be allowed to the machine where the On-Premise IdP is deployed.
    • If the hosting machine is a Windows Machine, then you can follow this document.
    • If the hosting machine is a Linux Machine, then you can follow this document.
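
The Shared Secret entered in Basic settings has to match on the VPN server because RADIUS uses it as the key that hides the user's password in every Access-Request sent to UDP port 1812 (RFC 2865, section 5.2). The Python below is an added example, not miniOrange code: it builds such a request and shows the server side recovering the password only when both ends hold the same secret. The function names and the sample user, password and secrets are constructed for illustration.

```python
import hashlib
import os
import struct

ACCESS_REQUEST, USER_NAME, USER_PASSWORD = 1, 1, 2  # RFC 2865 code and attribute types

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RADIUS client (VPN server) side: RFC 2865 section 5.2 User-Password hiding."""
    # Pad with NULs to a multiple of 16 octets (at least one block).
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RADIUS server side: undo the hiding with the server's copy of the secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_access_request(user: bytes, password: bytes, secret: bytes,
                         identifier: int = 1, authenticator: bytes = b"") -> bytes:
    """Build the Access-Request that a RADIUS client sends to UDP port 1812."""
    authenticator = authenticator or os.urandom(16)
    hidden = hide_password(password, secret, authenticator)
    attrs = bytes([USER_NAME, len(user) + 2]) + user
    attrs += bytes([USER_PASSWORD, len(hidden) + 2]) + hidden
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + authenticator + attrs

def parse_password(packet: bytes, secret: bytes) -> bytes:
    """Server side: locate User-Password in a request and unhide it."""
    pos, end = 20, min(len(packet), struct.unpack("!H", packet[2:4])[0])
    while pos + 2 <= end and packet[pos + 1] >= 2:  # stop on a malformed length
        if packet[pos] == USER_PASSWORD:
            return unhide_password(packet[pos + 2:pos + packet[pos + 1]], secret, packet[4:20])
        pos += packet[pos + 1]
    raise ValueError("no well-formed User-Password attribute")

if __name__ == "__main__":
    pkt = build_access_request(b"alice", b"correct horse battery", b"shared-secret")  # constructed
    print(parse_password(pkt, b"shared-secret"))  # same secret on both sides
    print(parse_password(pkt, b"Shared-Secret"))  # mismatched secret: garbage, so login fails
```

RFC 2865 asks for a secret that is as unguessable as a well-chosen password and prefers at least 16 octets, so treat the "shared-secret" value above as a placeholder rather than a value to deploy.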