RADIUS Server for Authentication
Integration of your Secure Remote Access Appliance with external security providers enables administrators to efficiently manage user access to BeyondTrust accounts by authenticating users against external directory stores. This guide is designed to help you configure the Secure Remote Access Appliance to communicate with a RADIUS security provider for the purpose of user authentication.
To define group policies based upon groups within a remote server, you must configure both the LDAP group provider and the RADIUS user provider. You must then enable group lookup from the user provider's configuration page. One group security provider can be used to authorize users from multiple servers, including LDAP, RADIUS, and Kerberos. For group policy setup and for other security provider configurations, see the additional guides provided at www.beyondtrust.com/docs.
Authenticate Using One-Time Passwords (OTP)
When using the RADIUS security provider, you can choose to use a one-time password (OTP) service provider, such as RSA SecurID. An OTP is a randomized password that a third-party service provider generates through a token or some other means. It changes within a certain time frame, which provides an extra layer of security upon login.
Within your OTP provider's interface, you can configure a prompt that asks for credentials on the login screens of the BeyondTrust representative console and the /login administrative interface. Once configured, users must enter their BeyondTrust username and password and then enter the OTP into the prompt.
If the OTP is entered correctly, access to the BeyondTrust representative console or /login administrative interface will be granted. However, if the OTP is entered incorrectly, a new prompt will appear asking for the password to be re-entered.
Should you need any assistance, please contact BeyondTrust Technical Support at beyondtrust.com/docs/index.htm#support.