RADIUS Configuration Migration

The table below describes the configuration flow for RADIUS-based authentication on Ivanti Policy Secure and the equivalent configuration on SBR. The examples documented in this guide are based on the latest SBR release version.

The table describes the recommended configuration flow for Ivanti Policy Secure.

| Step | Configuration on SBR | Equivalent configuration on Ivanti Policy Secure |
|---|---|---|
| Step 1 | Configure Users > Native > Add Native Users. | Configure Authentication Server |
| Step 2 | SBR profile-based authentication. | Configure the Authentication Realm, Role mapping rules and Sign-In Policy. |
| Step 3 | Configure SBR > Location Groups. | Configure the Location Group |
| Step 4 | Configure SBR > Radius Client | Configure a RADIUS client |
| Step 5 | Configure SBR > Profiles. | Create RADIUS return attribute policy |

Exporting SBR XML Configuration

To export the SBR configurations:

  1. Run the SBR Administrator.

  2. Choose File > Export.

  3. In the Export dialog, select the information to export. Each tab in the dialog lists exportable items of a particular category. For each category, select the appropriate tab and click each item you’d like to export. To select a contiguous range of items, select the first item in the range, hold down the Shift key, and click the last item in the range.

    • To select a non-contiguous set of items, hold down the Ctrl key as you click each item you want.

    • To select all items in a category, click All.

    • To select all items in all categories, click Select All.


  4. After you have selected the items to export, click OK.


  5. In the Export to XML file dialog, enter the file name and click Save.

Importing SBR XML file to Ivanti Policy Secure

To import the SBR XML file to Ivanti Policy Secure from the Ivanti Policy Secure Admin console:

  1. Select Maintenance > Import/Export > XML Import/Export > Import SBR Configuration.

  2. Click Browse and select the SBR XML file to import.

  3. Click Import.


Authentication Server on Ivanti Policy Secure

Ivanti Policy Secure provides a seamless migration from the SBR server to the Ivanti Policy Secure server. Once migrated, it can be easily paired with an organization’s other identity databases, such as LDAP, a RADIUS server and Active Directory (AD), to leverage existing credentials.

Import the SBR XML file to Ivanti Policy Secure. After importing the file:

  1. Select Authentication > Authentication Server. You can see the imported file on the Ivanti Policy Secure authentication server. A local authentication server named SBRMigrationAuthServer is created for the SBR migration.

  2. The authentication server is created with default values.

  3. The password storage type is set to clear text by default.

  4. The "Password must be different from user name" and "New Passwords must be different from previous password" options are disabled.


User Creation on Ivanti Policy Secure

Users are created on SBRMigrationAuthServer.

Passwords are stored in plain text.

The default password is pulsesecure.

User must change password if next sign-in flag is enabled.

If a user in SBR has attributes, they are added to the attribute table of that user in Ivanti Policy Secure.

If a user in SBR has a profile associated with it, the attributes in the associated profile are added to the attribute table of that user in Ivanti Policy Secure.


Sign-In Page on Ivanti Policy Secure

Select Authentication > Signing In > Sign-In Pages. You can see the SBR Sign-In Page created by default.


Sign-In Policy

Select Authentication > Sign-In Policies.

The sign-in policy with user URL */SBR/, sign-in page SBR Sign-In Page, and authentication realm SBRMigRelam (802.1X) is created by default.


Authentication Protocol Sets

Select Signing In > Authentication Protocol Sets. SBRmigration802.1X is created by default.


Roles

Select Users > User Role > User Authentication Role. You can see the SBRMigRole user role created by default.


User Realms

Select Users > User Realms > User Authentication Realms. You can see the SBRMigrationRealm realm.


SBRMigrationRole is added in the role mapping rules.


Network Location Group Configured on SBR

Select Steel-Belted Radius > Location Groups to view the location groups.

Location Group on Ivanti Policy Secure

Select Endpoint Policy > Network Access > Location Group.

The location group contains */SBR/ in its sign-in policies. The default SBRMigLocGroup is created for RADIUS clients that are not using any profile or location group.


RADIUS Client Configured on SBR

Select Steel-Belted Radius > RADIUS Clients to view the configured RADIUS client.

Creating a new RADIUS Client on Ivanti Policy Secure

Select Endpoint Policy > Network Access > RADIUS Client.

For example, SBRMigrationRadiusClientPPS is configured as a RADIUS client.


If a RADIUS client is not using a profile and location group, the default location group is used.

If a RADIUS client is using a profile, then:

  • If the profile is used by any location group, the RADIUS client is associated with that location group.

  • If the profile is not used by any location group, a location group named “SBRMigProfile<ProfileID/Name>” is created on Ivanti Policy Secure and associated with the RADIUS client.

  • The default shared secret is pulsesecure for all imported RADIUS clients.

RADIUS Return Attribute on SBR

Select Return List and note down the attribute and value.

Configuring RADIUS Return Attribute Policies on Ivanti Policy Secure

  1. Select Endpoint Policy > Network Access > RADIUS Attributes > RADIUS Return Attributes.

  2. Click the Return Attributes tab to see the configured policies.

For example, SBRMigrationRadRetAttrdef.


  • If a location group is using the profile, that location group is attached to the profile.
  • If a RADIUS client is using a profile and no location group is using that profile, the location group used during the creation of the RADIUS client is attached to that profile.
  • If a profile is not used by any location group or RADIUS client, it is not imported.
  • Only attributes supported by Ivanti Policy Secure are imported. For example, if SBR supports attribute_a, attribute_b and attribute_c and Ivanti Policy Secure supports attribute_a and attribute_b, the profile contains only attribute_a and attribute_b.
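
The RADIUS client and return attribute rules above can be checked against an SBR inventory before importing. The following is an added example that models those documented rules; it is not Ivanti code and does not read the SBR XML export. The function name `plan_import`, the inventory layout and the sample names are assumptions, as are three choices the page leaves open: the first location group by name is used when several share a profile, the profile name fills `<ProfileID/Name>`, and a client with a location group but no profile keeps that group.

```python
DEFAULT_GROUP = "SBRMigLocGroup"   # default location group named on the page
DEFAULT_SECRET = "pulsesecure"     # shared secret set on every imported client

def plan_import(clients, location_groups, profiles, supported_attrs):
    """Predict client/group/profile placement from the rules documented above."""
    by_profile = {}                # profile -> SBR location groups that use it
    for group, profile in sorted(location_groups.items()):
        if profile:
            by_profile.setdefault(profile, []).append(group)
    created = {}                   # profile -> location group the import creates
    client_plan = {}
    for name, cfg in clients.items():
        profile, group = cfg.get("profile"), cfg.get("location_group")
        if profile in by_profile:
            target = by_profile[profile][0]   # assumption: first group by name
        elif profile:
            # Assumption: the profile name fills <ProfileID/Name>.
            target = created.setdefault(profile, f"SBRMigProfile{profile}")
        elif group:
            target = group                    # assumption: case not on the page
        else:
            target = DEFAULT_GROUP
        client_plan[name] = {"location_group": target,
                             "shared_secret": DEFAULT_SECRET}
    policies, not_imported = {}, []
    for profile, attrs in profiles.items():
        groups = by_profile.get(profile, [])
        if not groups and profile in created:
            groups = [created[profile]]
        if not groups:
            not_imported.append(profile)      # unused profiles are dropped
            continue
        policies[profile] = {
            "location_groups": groups,
            "attributes": {a: v for a, v in attrs.items() if a in supported_attrs},
        }
    return client_plan, policies, not_imported

# Constructed sample inventory (hypothetical names, not real SBR data).
CLIENTS = {"switch-a": {"profile": "Corp"}, "switch-b": {"profile": "Guest"},
           "switch-c": {}}
LOCATION_GROUPS = {"HQ": "Corp"}
PROFILES = {"Corp": {"attribute_a": "1", "attribute_c": "3"},
            "Guest": {"attribute_b": "2"}, "Unused": {"attribute_a": "9"}}
SUPPORTED = {"attribute_a", "attribute_b"}

if __name__ == "__main__":
    for part in plan_import(CLIENTS, LOCATION_GROUPS, PROFILES, SUPPORTED):
        print(part)
```

Every entry in the client plan carries the default shared secret, so the same output serves as the list of RADIUS clients whose secret still has to be replaced after import.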