Setup RADIUS as an Authentication Adapter

In this lesson we will setup RADIUS as an additional authentication and configure it to work with our FreeRADIUS.net instance

VMware Workspace ONE using Identity Manager allows for setting up Network Ranges and different authentication policies that can be assigned to different network ranges. For example, you might want your end-users to authenticate with their Active Directory credentials when they are in the office and connected to the corporate network.  You might want your users to use 2-factor authentication when working from home. You might have a group of users requiring Multi-Factor Authentication (MFA) because of the applications they can access.

For this lab, we are using FreeRADIUS.net to simulate a RADIUS compatible authentication adapter, in a real-world scenario this could be your RSA server or any other 2-factor authentication solution supporting RADIUS protocol. We have setup a different password (123456) other than the default AD-password (VMware1!) typically used in the HOL, so consider this your RSA token.  We will start this simulation in the next steps.

We will walk through the configuration of the RADIUS authentication adapter within Workspace ONE Identity Manager and assign RADIUS authentication to all connections coming from a specific network range.

Start FreeRADIUS.net

  1. Open the Start Menu on the main console
  2. Select FreeRADIUS START
  3. Verify FreeRADIUS is started and Ready to process requests.

Attention: Please leave the FreeRADIUS START window open or minimize it, but DO NOT close it.

Launch Browser

From the main console, Open Google Chrome

Open Identity Manager Console

  1. Click WS1 on the Bookmark bar and open VIDM-01 Admin to open Management Console
  2. If prompted for Select your domain, confirm corp.local and click Next

Login to Identity Manager

  1. Username: administrator
  2. Password: VMware1!
  3. Click Sign in

Setup Authentication Adapters

  1. Click Identity & Access Management tab
  2. Click Setup on the tab to the right next to manage
    1. You should be on the Legacy Connectors tab
  3. Click on conn-01 under Worker.  conn-01 is the Workspace One Access Connector that is already setup to handle synchronization of the directory / Horizon and to configure authentication.

Modify Authentication Adapters

  1. Click Auth Adapters in the center top
  2. Click RadiusAuthAdapter at the bottom, and notice it is disabled so we will enable it in the next step

This will redirect you to the Admin Console to edit the Authentication Adapter.

Configure RADIUS

Note:  Leave all of the settings that we don't mention below to their defaults

  1. Check 'Enable RADIUS Adapter'
  2. Check 'Enable direct authentication' to Radius server during auth chaining'
  3. Set 'Number of attempts to Radius server' to 5
  4. Set 'Server timeout in seconds' to 5
  5. Specify 192.168.110.10 as the RADIUS server ip. This is the IP of the Main Console where we are running FreeRADIUS.
  6. Scroll down
  7. Set Accounting port to 1813
  8. Chose PAP as Authentication type
  9. Enter HOLrocks! as the shared secret
  10. Leave configuration for secondary server empty
  11. Click Save

Confirm no errors at the top.

Confirm RadiusAuthAdapter is Enabled

Confirm that RadiusAuthAdapter shows Enabled.

Return to Admin Console

Close this tab to return to the Admin Console

0 Comments

Add your comment

E-Mail me when someone replies to this comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.