• Home
• Content Library
• Admin Docs
• Configure Application
• How to add a Radius App

How to add a Radius App

Remote Authentication Dial-In User Service (RADIUS) is a software and client-server protocol used to centrally authenticate and authorize users attempting to access a network, acting as a central point to verify user credentials before granting network access. It performs functions like authentication, authorization, and accounting (AAA) for users trying to connect to a network, like through Wi-Fi or VPNs.

miniOrange enables several different protocols for your applications, such as SAML, WS-FED, OAuth, OIDC, JWT, RADIUS, and more. We provide MFA or adaptive authentication solutions for RADIUS apps like Fortinet VPN, SonicWall VPN, AWS Workspaces, and many more.

Let’s configure your application now.

• Login into the miniOrange Admin Console.



• Click on Apps and visit the list of all configured applications and option to modify them.
• Press on Add Application.



• From All Apps dropdowns, choose RADIUS (VPN).



• Search for your application from the list if your application is not found. Search for radius, and you can set up your app via Radius Client.



• Configure the below details in Basic settings tab.




Display Name	Any name for your reference.
Client IP	The IP address of the VPN server, which will send the Radius authentication request.
Shared Secret	Security key. For Eg. "shared-secret" (Keep this with you; you will need to configure the same on VPN Server)
Include Password & OTP in the same Request	Check this option for clients, which takes a password and the OTP in the same request. Otherwise, keep it unchecked.

• Configure the Advanced settings for the AWS Workspace VPN Client as required.



• After configuring the above details, click on the Save button.
• Go to the Attributes tab of the Radius Client.
• You will see an option to Send Custom Attributes in response – check this if you want to send user groups as Vendor-Specific Group Attributes.
• Under Attribute Mapping, it shows No Attribute Added if no attributes are configured yet.
• To add attributes, click Add Attribute.



• Next, click on Policies tab.
  
  
• Click on the Assign group button. A new Configure Group Assignment Modal will open.
  • Assign Group: Select the groups you want to link with the application. You can select up to 20 groups at a time.
  
  
  
  • If you need to create new group. Click on Add New Group button.
  • Enter the Group name and click on Create Group.
  
  
  
  • Click on Next.
  • Assign Policies: Add the required policies to the selected groups. Enter the following details:
  • First Factor: Select the login method from the dropdown.
  • If you select Password as the login method, you can enable 2-Factor Authentication (MFA) and Adaptive Authentication, if needed.
  • If you select Password-less as login method, you can enable 2-Factor Authentication (MFA) if needed.



• Click on Save. Policies will be created for all the selected groups.
• Once all the above-mentioned details are included, press the Save button. The new policy will appear in the list.



• Copy and save the Radius server IPs that will be required to configure your Radius client.




NOTE: Follow the below steps before testing the connectivity. Open Firewall Ports.

• To receive the RADIUS request, it is necessary to open UDP traffic on ports 1812 and 1813 for the machine where On-premise IDP is deployed.
• If the hosting machine is a Windows Machine, then you can follow this document.
• If the hosting machine is a Linux Machine, then you can follow this document.