miniOrange is an IT security and services company (vendor). As an IT security outsourcing company, miniOrange firmly believes in complete satisfaction of its customers who are looking for security outsourcing companies and vendors. As one of the leading information security companies, miniOrange provides the following Single sign on (sso) services for its customers.
In addition to the above, as more and more companies are putting their data on the cloud, they are concerned about protecting that data and make it available only for authorized users. As an IT security outsourcing company, miniOrange firmly believes in implementing strong authentication methods to access resources on the cloud. As one of the leading information security companies, miniOrange provides the following authentication services for its customers.
As recent attacks on various online portals and cloud apps show us that you can put up the best authentication method out there and hackers will find a way to get past that. The best way to authenticate users in the cloud is to dynamically calculate the risk of authorization based on device, location, time of access and behavior. As one of the leading information security companies, miniOrange provides the following dynamic authentication for its customers
Fraud Prevention services (Risk based access, Adaptive authentication, Dynamic authentication, dynamic assessment of risk)
If you are in any kind of network, LAN, WAN or Virtual private network(VPN), you must have heard about an ancient protocol called Remote Authentication Dial In User Service (RADIUS).Its a networking protocol that provides centralized authentication and authorization. As an IT security outsourcing company with specialization in Remote Authentication Dial In User Service (RADIUS), miniOrange firmly believes in implementing RADIUS pass through authentication for its customers. As one of the leading information security companies, miniOrange provides the following Remote Authentication Dial In User Service (RADIUS) for its customers
Half the world uses Microsoft technologies and most of them use an Active Directory (AD) for authentication and authorization. Active Directory Federation Services (AD FS) is designed to provide single sign on for users using windows technology. As an IT security outsourcing company with specialization in windows, miniOrange firmly believes in implementing Active Directory Federation Services (AD FS). As one of the leading information security companies, miniOrange provides the following Active Directory Federation Services (AD FS) for its customers
In addition to the above, miniOrange's core expertise is in writing security software. As one of the leading information security companies, miniOrange provides the following security services for its customers
Thousands of customers can not manage their own sites anymore because sites have grown in number and they easily become un-manageable. Thanks to Siteminder technology by CA, there is a way these sites can be managed. But how about access to these sites!!! You will need miniOrange technology to not only install, configure Siteminder but also write custom agents that can plugin with your choice of authentication and authorization software. As one of the leading information security companies, miniOrange provides the following Siteminder services for its customers
As a trusted provider of cloud based single sign on, user authentication and fraud prevention solution, miniOrange has helped a number of customers with their most critical areas by effectively managing risks and achieving compliance.
miniOrange improves the security of sensitive patient data such as electronic patient records, medical transactions etc. There has been a marked increase in multi channel applications, electronic patient data, complexity of healthcare ecosystem and communication between healthcare firms, insurance and service providers. All of this require security solutions that protect sensitive information at rest and in motion. miniOrange provides user authentication solutions that help healthcare providers secure their transactions and protect their patient and customer data via Strong Authentication, Fraud prevention and Single Sign on Solutions while effectively managing risks and achieving regulatory compliance specific to Healthcare Industry.
RADIUS (Remote Authentication dial In User Service) is a networking protocol that provides client authentication, authorization, and accounting for the network. RFC standards 2865 and 2866 describe the RADIUS accounting, respectively.
RADIUS protocol is implemented by a number of severs including Free RADIUS, Steel Belted RADIUS etc.
A strong authentication server is one that protects applications and other network resources like Virtual desktop Infrastructures and Cisco VPN's etc.
It supports various authentication methods like password based, one time password etc.
If any RADIUS server is installed (to protect the access to a network) side by side to a strong authentication server (to protect the access to network resources), then it would be advantageous to integrate these two servers so that the end user can access the resources he needs by signing on once(Single Sign-on or SSO).
miniOrange can configure our Authentication product in three possible ways with your RADIUS server.
Side by Side - Use an existing RADIUS server and configure it Side by Side to delegate authentications to your Authentication Server
PROS: Quick Turnaround compared to other options. Use existing RADIUS implementation Supports PAP, PAP with a Shared Secret, EAP-TLS
CONS: Messy Configuration Heavy footprint
Include and Extend - Use an existing RADIUS server and an existing extensible mechanism to delegate authentications to your Authentication Server
PROS: Better design than above, supports PAP, PAP with a Shared Secret, EAP-TLS
CONS: Heavier footprint than above
Custom RADIUS - Implement a custom RADIUS implementation and delegate authentications to your Authentication Server
PROS: Best Design, Very lightweight Supports PAP, PAP with a Shared Secret, CHAP, MSCHAP, EAP-TLS
CONS: Complex implementation
Recommendation - Depending on our Business Case, Go with a staged approach where we do option 1 or 2 in the short term and explore Option 3. In the mid to long term, implement Option 3.
miniOrange has a lot of experience in implementing RADIUS Protocol and depending on Business Scenario can evaluate and implement one of these three options :
Side by Side
Use an existing RADIUS server and configure it side by side to delegate authentications to your Authentication Server which can be an option to turnaround quickly and supports Supports PAP, PAP with Shared Secret , EAP-TLS but this option leads into not so easy configuration set up
Include and Extend
Use an existing RADIUS server and an existing extensible mechanism to delegate authentications to your Authentication Server leads to better design which also supports Supports PAP, PAP with a Shared Secret , EAT-TLS but is heavier footprint than above option
Implement a custom RADIUS implementation and delegate authentications to your Authentication Server - This is a complex but best design and very lightweight implementation It also supports Supports PAP, PAP with a shared secret, CHAP, MISCHAP, EAP-TLS SAMPLE USE CASES Strong Authentication Server and RADIUS integration can be done in the context of the following two use cases:
An end user wants to access his Virtual Desktop using VMware view which is protected by a RADIUS Server which in turn delegates all the authentication requests to your strong Authentication Server
An end user wants to access a Virtual Private network using Cisco VPN which is protected by RADIUS server which in turn delegates all authentication requests to your Strong Authentication Server.
Sample End to End Flow
The end users clicks on VDI Client. VDI client sends a request to connect to VDI Server
VDI server is confirmed to use RADIUS 2 factor authentication so it delegates to RADIUS Server
RADIUS Server is configured to use your Strong Authentication server for Authentication so it delegates to RADIUS Interface
The RADIUS Interface Interprets the incoming requests and calls the appropriate API's (e.g. for 1st factor authentication - UserID -password ) on your Server
Your server API returns success for 1st Factor Authentication
The RADIUS Interface throws a challenge since the first factor was successful
The user on the VDI interface gets a screen where he enters OTP generated on his Mobile phone
The OTP gets to right Strong Auth API through the same route again
The API returns success for 2nd factor
The user get access to his Virtual Desktop
Please contact us at email@example.com to get a quick answer on RADIUS AUTHENTICATION