What is RADIUS?
RADIUS is an acronym that stands for Remote Authentication Dial In User Service. It’s a protocol standard that’s been around since 1991, hence the “Dial In” part of the name. Even though very few of us use dial-in for network connections today, RADIUS still enjoys wide use solving a particular type of problem: authenticating and authorizing users to log in to a remote network.
Why JumpCloud's RADIUS-as-a-Service?
With JumpCloud RADIUS-as-a-Service (RaaS), your users will be able to use their JumpCloud username and password to authenticate to your WiFi network rather than having to worry about a passphrase that is difficult to remember or communicate securely. You’ll also gain the peace of mind that comes from knowing that if a problem arises you can disable user access at any time. It also provides you with pre-built, pre-configured, scalable, and fully managed RADIUS servers. Add as many RADIUS servers as you like for WiFi access control (one RADIUS server per WiFi network), VPN authentication, and authentication for your network devices, servers, and applications. JumpCloud RaaS complements JumpCloud’s other directory services capabilities, providing an additional method to authenticate your users across multiple services and clients.
- Authenticates users with their JumpCloud account, further centralizing your identity management.
- Configuration will allow for provisioning and removal of RADIUS servers in seconds.
- Fine-grained access control for each user on your network.
- Flexible security and connection options - JumpCloud RaaS servers offer both EAP-TTLS/PAP and PEAP (MSCHAPv2) for authentication.
- Temporary access controls - vendors, clients, and traveling employees get the access they need, each with their own username and password.
- Supports multiple clients - including but not limited to: Linux, OS X, Windows, Android, iOS, and Windows Phone.
Server Security Features:
- Shared Secret - allows the access point to authenticate JumpCloud’s servers and for JumpCloud’s servers to authenticate the endpoint.
- Public IP - allows JumpCloud to authenticate that the request is coming from the customer’s network, so that even if the shared secret is compromised, an attacker would also need internal network access to leverage it.
- Certificate Trust - allows the client to authenticate both the WAP and the JumpCloud service, so that a malicious actor cannot set up a rogue access point to try to fool end users into joining and sharing authentication data that way.
- Multifactor Authentication - allows for a second layer of authentication for users attempting to access the server.
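How the shared secret lets each side check the other, as an added example that is not JumpCloud's code: per RFC 2865 the access point verifies the Response Authenticator on each reply, and per RFC 3579 the server verifies the Message-Authenticator that EAP requests carry. The function names and the sample secret are constructed for illustration.

```python
import hashlib, hmac, os, struct
# Added example; helper names are illustrative, not JumpCloud code.
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 3579)

def attr(t, value):
    return bytes([t, len(value) + 2]) + value

def build_request(ident, secret, attrs):
    """Access point side: Access-Request carrying a Message-Authenticator."""
    req_auth = os.urandom(16)
    body = attrs + attr(MSG_AUTH, bytes(16))  # MAC is computed over a zeroed field
    head = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + req_auth
    mac = hmac.new(secret, head + body, hashlib.md5).digest()
    return head + attrs + attr(MSG_AUTH, mac)

def request_is_authentic(packet, secret):
    """Server side: recompute HMAC-MD5 with the Message-Authenticator zeroed."""
    pos = 20
    while pos + 2 <= len(packet):
        t, ln = packet[pos], packet[pos + 1]
        if ln < 2 or pos + ln > len(packet):
            return False  # malformed attribute
        if t == MSG_AUTH and ln == 18:
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            want = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(want, packet[pos + 2:pos + 18])
        pos += ln
    return False  # no Message-Authenticator present: reject

def build_response(code, ident, req_auth, secret, attrs=b""):
    """Server side: Response Authenticator = MD5(Code+ID+Len+ReqAuth+Attrs+Secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + req_auth + attrs + secret).digest() + attrs

def response_is_authentic(reply, request, secret):
    """Access point side: check the reply against the request it answers."""
    if len(reply) < 20 or reply[1] != request[1]:
        return False
    if struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    want = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(want, reply[4:20])

if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample value
    req = build_request(7, secret, attr(1, b"alice"))
    rep = build_response(ACCESS_ACCEPT, 7, req[4:20], secret)
    print(request_is_authentic(req, secret), response_is_authentic(rep, req, secret))
```

A reply built with a different secret, for a different request, or altered in transit fails `response_is_authentic`, which is why an access point holding the correct secret will not accept answers from a server that does not.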
Server IP Addresses
For a list of our current server IP addresses, please refer to Configuring a Wireless Access Point (WAP), VPN or Router for JumpCloud's RADIUS, which is listed below.
As you look at configuring your RADIUS authentication solution for your end users, you can refer to JumpCloud's additional documentation resources for more information and steps. For setup you will need to consider the configuration for JumpCloud, the authentication device (WAP, Router, VPN, etc.) as well as the client devices connecting (systems, mobile devices, etc.).
Getting Started: RADIUS
Configuring RADIUS Servers in JumpCloud
Configuring a Wireless Access Point (WAP), VPN or Router for JumpCloud's RADIUS
Configuring your WiFi Clients to use JumpCloud RADIUS
JumpCloud RADIUS Certificate
When you're configuring client devices for authentication using EAP-TTLS/PAP, refer to the following articles for specific WiFi profile configuration information for Windows and Apple devices.
(EAP-TTLS/PAP) Configuring your Windows 8/10 WiFi Clients to use JumpCloud RADIUS
(EAP-TTLS/PAP) Configure your OS X & iOS Devices for JumpCloud RADIUS
Note that explicit instructions have been provided for EAP-TTLS due to client configuration being required, but generally PEAP will not require additional setup on the client system. For other devices, please refer to your vendor documentation to confirm support and configuration for EAP-TTLS/PAP and be sure to include the client security certificate in the configuration.