- Your public IP can only be used one time in JumpCloud.
- You can use DHCP addresses, but when the address changes, you'll need to update the RADIUS server's details with the new IP address. You can do this in the API.
- MSCHAP and EAP-PEAP/MSCHAP2 can’t be used as authentication methods with MFA-enabled RADIUS. We recommend using EAP-TTLS/PAP for authentication. We don’t recommend using PAP.
- Mac and iOS devices require additional software to use EAP-TTLS/PAP authentication for wireless clients. See this KB for more information.
Adding a RADIUS Server
- Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com/login.
- Go to RADIUS.
- Click ( + ). The New RADIUS server panel appears.
- Configure the RADIUS server:
  - Enter a name for the server. This value is arbitrary.
  - Enter a public IP address from which your organization's traffic will originate.
  - Provide a shared secret. This value is shared with the device or service endpoint you're pairing with the RADIUS server.
- Configure Multifactor Authentication for the RADIUS server:
  - Toggle the "MFA Enforcement for this RADIUS server" option to On to enable MFA for this server. This option is Off by default.
  - Select "Users will be challenged if they have MFA actively set up" to require all JumpCloud users with MFA active for their account to provide a TOTP code when they connect to this server.
  - Select "Users will be challenged unless they are in an active enrollment period" to require all JumpCloud users that aren’t in an MFA enrollment period to provide a TOTP code when they connect to this server.
  - Select "Users will always be challenged including during an enrollment period" to require all JumpCloud users, even those in MFA enrollment periods, to provide a TOTP code when they connect to this server.
Learn how to connect to MFA-enabled servers.
Tip: You can see if MFA is enabled for a RADIUS server in the RADIUS list's MFA Status column.
- To grant access to the RADIUS server, click the User Groups tab, then select the appropriate groups of users you want to connect to the server.
- Click save RADIUS server.
Connecting to MFA-enabled RADIUS servers
Users connect to MFA-enabled servers by adding a comma (,) and 6-digit OTP to their JumpCloud password. For example, a user with a password of MyB@dPa33word would enter MyB@dPa33word,123456 for their password, where 123456 represents the 6-digit OTP that is generated by a TOTP app like Google Authenticator.
Educate your users: How do I connect to a wifi or VPN server that requires MFA?
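The password format described above, as an added example (not JumpCloud code): it computes a standard RFC 6238 TOTP, builds the `password,OTP` value a user would enter, and shows why a password that itself contains commas is still unambiguous. Splitting at the last comma is an assumption made for illustration, not documented JumpCloud behavior; the secret is the RFC 6238 test secret, not a real enrollment key.

```python
import base64
import hashlib
import hmac
import struct
import time


def totp(secret_b32, at=None, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1, as generated by common authenticator apps."""
    secret = secret_b32.replace(" ", "").upper()
    secret += "=" * (-len(secret) % 8)  # restore any stripped base32 padding
    key = base64.b32decode(secret)
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def _is_otp(text):
    """True only for exactly six ASCII digits."""
    return len(text) == 6 and text.isascii() and text.isdigit()


def radius_password(password, otp):
    """Build the value entered in the password field: <password>,<6-digit OTP>."""
    if not _is_otp(otp):
        raise ValueError("OTP must be exactly 6 digits")
    return f"{password},{otp}"


def split_radius_password(field):
    """Separate password and OTP at the LAST comma (assumed rule, for illustration),
    so a password that contains commas stays intact."""
    password, sep, otp = field.rpartition(",")
    if not sep or not _is_otp(otp):
        raise ValueError("expected <password>,<6-digit OTP>")
    return password, otp


if __name__ == "__main__":
    # Constructed sample values: RFC 6238 test secret and the page's example password.
    secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    field = radius_password("MyB@dPa33word", totp(secret))
    print(field)
    print(split_radius_password(field))
```

Because the OTP travels in the same field as the password, the combined value is only protected by the outer tunnel, which is why the page recommends EAP-TTLS/PAP over plain PAP.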