Token authentication via RADIUS

Many third-party token servers (e.g. OTP token servers) can be connected to Airlock IAM over the RADIUS protocol.

Usually, token checks over RADIUS are used to perform the second authentication step after username/password authentication.

The following figure depicts the standard case:

  1. Check username and password against IAM DB (or LDAP or AD).
  2. Check OTP code against token server.

Figure: First and second login

Prerequisites

The following requirements must be met in order to make use of RADIUS authentication:

  • The users must be known in the RADIUS server.
  • The responses of the RADIUS server, and how they are to be mapped to Airlock IAM login screens, must be known.
  • IP address, port, and shared secret of the RADIUS server (there can be more than one, typically for failover).
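
The last two prerequisites can be seen together in the sketch below: a RADIUS client uses the shared secret to verify the Response Authenticator (RFC 2865) before it maps the response code to a next login step. This is an added example, not Airlock IAM code or configuration; the step names, the secret and the sample packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

# RADIUS packet codes and attribute types from RFC 2865.
ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 2, 3, 11
REPLY_MESSAGE, STATE = 18, 24
# Hypothetical mapping from response code to the next login step.
NEXT_STEP = {ACCESS_ACCEPT: "login-complete", ACCESS_REJECT: "show-otp-error",
             ACCESS_CHALLENGE: "ask-for-next-code"}

def build_response(code, ident, request_auth, attrs, secret):
    """Build a server response; used here only to construct sample input."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + auth + body

def classify_response(packet, ident, request_auth, secret):
    """Verify the Response Authenticator, then map the code to a next step."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, rid, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet) or rid != ident:
        raise ValueError("bad length or identifier mismatch")
    packet = packet[:length]  # bytes beyond Length are padding
    body = packet[20:]
    # MD5(Code + ID + Length + RequestAuthenticator + Attributes + Secret)
    expected = hashlib.md5(packet[:4] + request_auth + body + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    attrs, pos = {}, 0
    while pos < len(body):
        alen = body[pos + 1] if pos + 1 < len(body) else 0
        if alen < 2 or pos + alen > len(body):
            raise ValueError("malformed attribute")
        attrs[body[pos]] = body[pos + 2:pos + alen]  # last occurrence wins
        pos += alen
    if code not in NEXT_STEP:
        raise ValueError("unexpected RADIUS code")
    message = attrs.get(REPLY_MESSAGE, b"").decode("utf-8", "replace")
    return NEXT_STEP[code], message, attrs.get(STATE)

# Constructed sample: an Access-Challenge answering request ID 7.
SECRET = b"constructed-shared-secret"
REQ_AUTH = bytes(range(16))
SAMPLE = build_response(ACCESS_CHALLENGE, 7, REQ_AUTH,
                        [(REPLY_MESSAGE, b"Enter next token code"),
                         (STATE, b"\x01\x02")], SECRET)

if __name__ == "__main__":
    print(classify_response(SAMPLE, 7, REQ_AUTH, SECRET))
```

A reply that fails the authenticator check is discarded rather than mapped to a screen, so a wrong shared secret shows up as a verification error, not as a rejected login.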