Configure the RADIUS server for Airlock 2FA

This page explains how to configure the Airlock IAM RADIUS server to use Airlock 2FA for authentication.

RADIUS clients such as access gateways, VPN servers or SSH servers can use Airlock 2FA One-Touch indirectly by communicating through the Airlock IAM RADIUS server.

Prerequisites

  • User authentication with Airlock 2FA as the second factor in the Main Authenticator plugin is configured.
  • The RADIUS server is configured in Airlock IAM.
  • The basic Airlock 2FA settings exist.

Limitations

The RADIUS server only supports One-Touch (including fallback to Passcode).

Instruction

  1. Go to: Service Container >> Services >> RADIUS Server Config >> Service
  2. Connect the Main Authenticator that contains Airlock 2FA as the second factor.
  3. Make sure that the Airlock 2FA Authenticator used in the connected Main Authenticator supports "One-Touch".
  4. In Optional Authentication Settings, make sure Blocking if Asynchronous is checked.
  5. Set Authenticator Polling Interval Millis to 1000 (equals one second).
  6. If required, adapt the reply message Asynchronous Reply Message (in Reply Message Settings). RADIUS clients display this message while waiting for the user to press the Approve button in the app.
  7. To enable fallback to Passcode, use the property Airlock 2FA Passcode Fallback. Refer to the property description in the Config Editor for further information.
  8. One-Touch is now ready to use via RADIUS.