
Configuring RADIUS Servers in JumpCloud

This document is meant to be used along with Configuring a Wireless Access Point (WAP), VPN or Router for JumpCloud's RADIUS.
 

Considerations

  • Your public IP can only be used one time in JumpCloud.
  • You can use DHCP addresses, but when the address changes, you'll need to update the RADIUS server's details with the new IP address. You can do this in the API.
  • MSCHAP and EAP-PEAP/MSCHAP2 can’t be used as an authentication method with MFA-enabled RADIUS. We recommend using EAP-TTLS/PAP for authentication. We don’t recommend using PAP.
  • Mac and iOS devices require additional software to use EAP-TTLS/PAP authentication for wireless clients. See this KB for more information.

Adding a RADIUS Server

  1. Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com/login.
  2. Go to RADIUS.
  3. Click ( + ). The New RADIUS server panel appears.
  4. Configure the RADIUS server:
    • Enter a name for the server. This value is arbitrary.
    • Enter a public IP address from which your organization's traffic will originate.
    • Provide a shared secret. This value is shared with the device or service endpoint you're pairing with the RADIUS server.
  5. Configure Multifactor Authentication for the RADIUS server:
    • Toggle the "MFA Enforcement for this RADIUS server is" option to On to enable MFA for this server. This option is Off by default.
    • Select "Users will be challenged if they have MFA actively set up" to require all JumpCloud users with MFA active for their account to provide a TOTP code when they connect to this server.
    • Select "Users will be challenged unless they are in an active enrollment period" to require all JumpCloud users that aren’t in an MFA enrollment period to provide a TOTP code when they connect to this server.
    • Select "Users will always be challenged including during an enrollment period" to require all JumpCloud users, even those in MFA enrollment periods, to provide a TOTP code when they connect to this server.
    Learn how to connect to MFA-enabled servers.
    Tip: You can see if MFA is enabled for a RADIUS server in the RADIUS list's MFA Status column.
  6. To grant access to the RADIUS server, click the User Groups tab, then select the appropriate groups of users you want to connect to the server.
  7. Click save RADIUS server.


Connecting to MFA-enabled RADIUS servers 

Users connect to MFA-enabled servers by adding a comma (,) and 6-digit OTP to their JumpCloud password. For example, a user with a password of MyB@dPa33word would enter MyB@dPa33word,123456 for their password, where 123456 represents the 6-digit OTP that is generated by a TOTP app like Google Authenticator.
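
The following Python sketch is an added example, not JumpCloud code. It builds and splits the password,OTP string described above, which is useful when scripting a connection test against an MFA-enabled RADIUS server. The function names are hypothetical, the TOTP parameters (HMAC-SHA1, 30-second step) are assumed to be the Google Authenticator defaults, and the Base32 secret is the published RFC 6238 test key rather than a real enrollment secret.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional, Tuple

# Constructed sample: Base32 of the RFC 6238 test key "12345678901234567890".
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, at: Optional[float] = None,
         step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 (assumed authenticator-app defaults)."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def _is_six_digit_otp(otp: str) -> bool:
    return len(otp) == 6 and otp.isascii() and otp.isdigit()


def build_credential(password: str, otp: str) -> str:
    """Return the string a user types: password, a comma, then the OTP."""
    if not _is_six_digit_otp(otp):
        raise ValueError("OTP must be exactly six ASCII digits")
    return f"{password},{otp}"


def split_credential(credential: str) -> Tuple[str, str]:
    """Split on the LAST comma so passwords containing commas survive."""
    password, sep, otp = credential.rpartition(",")
    if not sep or not _is_six_digit_otp(otp):
        raise ValueError("expected '<password>,<6-digit OTP>'")
    return password, otp


if __name__ == "__main__":
    # Page's sample password combined with a freshly generated code.
    print(build_credential("MyB@dPa33word", totp(SAMPLE_SECRET)))
```

Splitting on the last comma matters because a password may itself contain commas, while the OTP suffix is always exactly six digits.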

Educate your users: How do I connect to a wifi or VPN server that requires MFA?

 
 
 

 

 

Last Updated: Jul 18, 2019 04:31PM MDT
