Configuring a RADIUS Server
This topic describes the features that are enabled when the PS-PROFILER-RADIUS-SM/MD/LG license is applied.
Follow these steps to configure a RADIUS server:
- Configure an Authentication Server
Authentication and authorization servers authenticate user credentials and determine user privileges within the system. Ivanti Policy Secure is preconfigured with one local authentication server (System Local) to authenticate users and one local authentication server (Administrators) to authenticate administrators. You must add users either to the local authentication server or to external authentication servers.
The configuration page is shown below.
- Define an Authentication Realm
Authentication realms contain policies specifying the conditions a user or administrator must meet to sign in to Ivanti Policy Secure. When configuring an authentication realm, you must create rules to map users to roles and specify which server (or servers) Ivanti Policy Secure must use to authenticate and authorize realm members.
- Define Sign-In Policy
A sign-in policy defines which URL and realm(s) the user has access to. Configure it under Signing-in > Sign-in Policies > New URL. Select a sign-in URL (example: */radius) and a sign-in page, and choose an available realm with an authentication protocol set.
- Create User Role
Roles define user session parameters or agent options. Ivanti Policy Secure is preconfigured with one user role (Users) and two administrator roles (Administrators and Read-Only).
- Create a RADIUS Client
Select Endpoint Policy > Network Access > RADIUS Client > New RADIUS Client. Enter a name for the policy, the IP address of the client, an IP address range (optional), the shared secret, the make/model of your client, and your location group.
- Configure RADIUS Return Attribute Policies
Define the specific attributes returned to your switch and/or access point. Return attributes are often used to assign a client to a specific VLAN. Select Endpoint Policy > Network Access > RADIUS Return Attribute Policies. Click New Policy. Enter the policy name, assign a location group, select the attributes to be returned from a list, and specify the interface and the user role.
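
To check what a switch or access point actually receives, the following added example (not part of the Ivanti documentation) verifies an Access-Accept against the RADIUS client's shared secret and reads the VLAN from its return attributes. It assumes the return attribute policy sends the RFC 3580 trio Tunnel-Type, Tunnel-Medium-Type and Tunnel-Private-Group-ID, which the page does not specify; the function names, secret and packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6  # RFC 3580 values that request VLAN assignment

def build_accept(ident, request_auth, secret, attrs):
    """Build a constructed Access-Accept so the example runs offline."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(body))
    return header + hashlib.md5(header + request_auth + body + secret).digest() + body

def assigned_vlan(packet, request_auth, secret):
    """Verify the Response Authenticator, then return the VLAN ID string or None."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    packet, body = packet[:length], packet[20:length]
    # MD5(Code | ID | Length | Request Authenticator | Attributes | Secret)
    expected = hashlib.md5(packet[:4] + request_auth + body + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    attrs, i = {}, 0
    while i < len(body):
        alen = body[i + 1] if i + 1 < len(body) else 0
        if alen < 2 or i + alen > len(body):
            raise ValueError("malformed attribute")
        attrs[body[i]] = body[i + 2:i + alen]
        i += alen
    # Tunnel-Type and Tunnel-Medium-Type carry one tag byte plus a 3-byte value.
    if attrs.get(TUNNEL_TYPE, b"")[1:] != VLAN.to_bytes(3, "big"):
        return None
    if attrs.get(TUNNEL_MEDIUM_TYPE, b"")[1:] != IEEE_802.to_bytes(3, "big"):
        return None
    group = attrs.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    if group and group[0] <= 0x1F:  # optional tag byte before the string
        group = group[1:]
    return group.decode("ascii") or None

# Constructed sample: secret, Request Authenticator and VLAN "120" are made up.
SECRET, REQ_AUTH = b"constructed-shared-secret", bytes(range(16))
SAMPLE = build_accept(7, REQ_AUTH, SECRET, [
    (TUNNEL_TYPE, b"\x00" + VLAN.to_bytes(3, "big")),
    (TUNNEL_MEDIUM_TYPE, b"\x00" + IEEE_802.to_bytes(3, "big")),
    (TUNNEL_PRIVATE_GROUP_ID, b"120"),
])
```

The Response Authenticator is an MD5 construction keyed only by the shared secret, so the secret entered for the RADIUS client should be long and random. A mismatch here means the secret differs between the client and the server or the reply was altered in transit.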