Cascading Authentication Support

Cascading multiple external authentication servers provides a continuous, reliable process for authenticating and authorizing external users. If authentication fails on the first authentication server, then Ivanti Policy Secure attempts to authenticate the user by using the subsequent external authentication server configured in the realm under the sign-in policy page. The fallback mechanism continues until the user is successfully authenticated or there is no available realm. This feature is supported for Native Supplicant 802.1x and non EAP (like PAP, CHAP) RADIUS usecase.

To configure cascading authentication support:

1. Select Authentication > Auth.servers and create auth server. For example, AD or RADIUS server.
2. Select Signing in > Sign-in Policies. Arrange the realms in the desired order. The fallback authentication is based on this order.
3. Enable Fallback to next available realm if authentication fails option for user or admin users.

   

4. Verify the Sign-in Policies page.