BeyondTrust Remote Support RADIUS Integration
This article assumes that MonoSign RADIUS Server is configured properly. If you have any issue with RADIUS server, you can check this article.
This document explains how to implement MonoSign RADIUS Server with BeyondTrust. Before you continue, it is better to start with BeyondTrust’s RADIUS implementation page.
Creating an Application and Access Key on MonoSign
Navigate to the application dedicated to RADIUS Server. Once you navigate, click Keys and Add New Key to create a RADIUS access key.
In the opened modal, choose RADIUS as Key Type and switch to RADIUS Settings. Fill in the necessary fields according to the information provided by BeyondTrust. Correspondings of the fields are as below.
Field | Value |
|---|---|
NAS-Identifier | Name of the device dedicated to RADIUS |
NAS-IP | Name or IP address of the RADIUS Server |
Shared Secret | Shared Secret defined on the RADIUS Server |
Click Save and you are gonna see your configuration for your access key as follows.
Configuration Single Sign-On for BeyondTrust
In order to configure the RADIUS Server on MonoSign for BeyondTrust, create a Security Provider first. Navigate to Users & Security > Security Providers. Click Add and choose RADIUS.
Fill in the necessary fields. Correspondings of the fields are as below.
Field | Value |
|---|---|
Name | Label for referencing the provider |
Enable | True |
Default Group Policy | Each user who authenticates against an external server must be a member of at least one group policy. Select a default group policy to apply to all users |
Hostname | Name or IP address of the RADIUS Server |
Shared Secret | Shared secret defined on the RADIUS Server |
Connection Agent Password | Password to configure Connection Agent. It will be asked while installing the agent. |
Timeout | Recommended: 120 seconds |
You can choose to allow access only to specified users on your RADIUS server. Enter each username separated by a line break.
If the two systems are unable to communicate directly, such as if your external directory server is behind a firewall, you must use a Connection Agent.
By clicking Save, the Test Settings section will be available on the Security Provider detail page. Use username and password for an account that exists on the server you are testing. This account must match the criteria for login specified in the configuration above. If the Try to obtain user attributes option is checked, your successful credential test will also attempt to check user attributes and group lookup.
If your server is properly configured and you have entered a valid test username and password, you will receive a success message. Otherwise, you will see an error message and a log that will help in debugging the problem.