RADIUS Server for Authentication

Integration of your B Series Appliance with external security providers enables administrators to efficiently manage user access to BeyondTrust accounts by authenticating users against external directory stores.This guide is designed to help you configure the B Series Appliance to communicate with a RADIUS security provider for the purpose of user authentication.

To define group policies based upon groups within a remote server, you must configure both the LDAP group provider and the RADIUS user provider. You then must enable group lookup from the user provider's configuration page. One group security provider can be used to authorize users from multiple servers, including LDAP, RADIUS, and Kerberos. For group policy setup and for other security provider configurations, please see the additional guides provided at https://www.beyondtrust.com/docs/remote-support/index.htm.

Authenticate Using One-Time Passwords (OTP)

Representative Console One Time Password Prompt

When using the Radius security provider, you can choose to use a one-time password (OTP) service provider, such as RSA SecurID. An OTP is simply a randomized password that is generated by a third-party service provider through a token or some other means and changes within a certain time frame to provide an extra layer of security upon login.

 

/login One Time Password Prompt

Within your OTP provider's interface, you can configure a prompt to appear asking for credentials on the login screens for the BeyondTrust representative console and /login administrative interface. Once configured, users must enter their BeyondTrust username and password and then the OTP into the prompt.

 

/login PIN Accepted - Enter New Passcode
Rep Console PIN Accepted - Enter New Passcode

If the OTP is entered correctly, access to the BeyondTrust representative console or /login administrative interface will be granted.

 

/login Re-enter One Time Password Prompt
Rep Console Re-enter One Time Password Prompt

However, if the OTP is entered incorrectly, a new prompt will appear asking for the password to be re-entered.

Should you need any assistance, please log into the Customer Portal to chat with Support.