Get Started: RADIUS

Overview

JumpCloud RADIUS lets users securely authenticate their devices to WiFi, VPN, or other supported networks using JumpCloud. There are 3 available RADIUS configurations at JumpCloud that vary in complexity based on your preferred authentication method. With password-based authentication, users authenticate with the same credentials they use to access their other JumpCloud-protected resources (for example, the JumpCloud User Portal and SSO applications).

Note:

Password-based authentication is the default authentication method for JumpCloud RADIUS.

JumpCloud supports the following RADIUS configurations, differentiated by the method with which users authenticate on their devices:

  • Password-based authentication (WiFi or VPN)
    • Users authenticate to networks with their JumpCloud username or email address and password.
    • Reduces the need for additional configuration on end-user devices.
  • Passwordless-based authentication (WiFi)
    • AKA certificate-based authentication (CBA); this authentication method for RADIUS requires additional configuration steps to connect end-user devices to networks.
    • This method requires devices to connect using EAP-TLS.
  • Delegated authentication with Entra ID (WiFi)
    • Use JumpCloud RADIUS solely as the authentication server and maintain Entra ID as the identity provider (IdP).
    • Delegated auth is still password-based, but user credentials are managed in Entra ID.
    • This method requires devices to connect using EAP-TTLS/PAP.

Note:

Configuring JumpCloud RADIUS

Configuring JumpCloud RADIUS involves multiple steps including the JumpCloud configuration, the networking equipment configuration, and potentially the end-user device configuration depending on your chosen solution within your environment. The following serves as an overview of the process:

  1. Select the RADIUS configuration appropriate for your environment:
    1. Password
    2. Passwordless / CBA 
    3. Delegated Auth with Entra ID 
  2. Based on your preferred authentication method, configure your JumpCloud RADIUS server:
    1. Configure JumpCloud RADIUS with Password-Based Authentication
    2. Configure JumpCloud RADIUS with Passwordless/ CBA
    3. Configure JumpCloud RADIUS with Delegated Auth for Entra ID
  3. Next, configure your network hardware to use the JumpCloud RADIUS server:
    1. For generic configuration applicable to multiple vendors:
      1. Configure a WAP, VPN, or Router for RADIUS
    2. Vendor specific configurations:
      1. Configure Fortigate VPN to use Cloud RADIUS
      2. Configure Ubiquiti UniFi WAP to use Cloud RADIUS
      3. Configure Cisco Meraki WAP to Use Cloud RADIUS
      4. Configure Ruckus SmartZone to Use Cloud RADIUS
  4. Lastly, configure your endpoints to connect using JC RADIUS:

Note:
  • WiFi: if you selected Password-based authentication, no further configuration should be necessary. Users will connect from their end-user devices with JumpCloud credentials and will not require any additional configuration on their end-user devices. See Configure your WiFi Clients to use RADIUS for more information.
  • VPN: if you selected Password-based authentication, any additional configuration between your VPN service and your end-user device is required based on the specifics of your vendor.  
  1. If you selected Passwordless-based authentication / CBA, see the following information:
    1. Configure EAP-TLS for RADIUS using Certificate Example Scripts
    2. Certificate Based Authentication to RADIUS
  2. If you selected Delegated Authentication with Entra ID, configure your endpoints to use EAP-TTLS/PAP:
    1. Configure EAP-TTLS/PAP on Mac & iOS for RADIUS 
    2. Configure EAP-TTLS/PAP on Windows for RADIUS

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case