19.1.1. Configure the RADIUS server for Airlock 2FA

This page explains how to configure the Airlock IAM RADIUS server to use Airlock 2FA for authentication.

RADIUS clients such as access gateways, VPN server or SSH servers can use Airlock 2FA One-Touch indirectly by communicating through the Airlock IAM RADIUS server.

Prerequisites

  • User authentication with Airlock 2FA as second factor in the Main Authenticator plugin is configured.
  • The RADIUS server is configured in Airlock IAM.
  • The basic Airlock 2FA settings exist.

Limitations

The RADIUS server only supports One-Touch. Fallback to Passcode is not supported.

Instruction

  • 1.
    Go to:
  • Service Container >> Services >> RADIUS Server Config >> Service

  • 2.
    Connect the Main Authenticator that contains Airlock 2FA as second factor.
  • Make sure that the Airlock 2FA Authenticator used in the connected Main Authenticator supports "One-Touch".

  • 3.
    In Optional Authentication Settings, make sure Blocking if Asynchronous is checked.
  • 4.
    Set Authenticator Polling Interval Millis to 1000 (equals one second).
  • 5.
    If required adapt the reply message Asynchronous Reply Message (in Reply Message Settings): RADIUS clients display this message while waiting for the user to press the Approve button on the app.
  • One-Touch is now ready to use via RADIUS.