SecureChange RADIUS Authentication

SecureChange supports RADIUS external authentication of users. To have your users authenticate to SecureChange with a RADIUS password, you must configure the connection to the RADIUS server. You can enter the details for a primary and a secondary RADIUS server.RADIUS authentication for SSH users can be enabled in TufinOS, allowing you to add RADIUS authenticated users to TufinOS. This requires that you specify the correct interface IP in /etc/hosts.

See also SecureTrack RADIUS Authentication.

Configure a Connection to a RADIUS Server

  1. Go to: Settings > Authentication > Radius
  2. Select Enable primary server.

  3. Enter the details for the RADIUS server:

    1. Server: The IP address or hostname of the primary RADIUS server
    2. Security: The security password for the primary RADIUS server
    3. Port: The IP port that the RADIUS server uses to accept connections
    4. Timeout: The amount of time that SecureChange waits to receive a response from the RADIUS server (between 1 and 600 seconds)
  4. Click Test connection to make sure that SecureChange can connect to the RADIUS server.

    If you have a secondary RADIUS server, select Enable secondary server and enter the details of the server.

  5. Click Save.

  6. Configure the default authentication method or configure the authentication method for specific users.

    • Default authentication - Go to Settings > Authentication > General and select Radius as the default authentication method.
    • User authentication - Go to Settings > Users, select a user, and, in the user Details tab, select Radius from the list of available authentication methods.
If no RADIUS server is configured and connected an alert icon is displayed ().

How Do I Get Here?

SecureChange > Settings > Authentication > Radius