Using RADIUS

Adding a RADIUS MFA provider

To add a RADIUS MFA provider:

  1. Navigate to Site Settings > Connection > Multi-factor authentication.

  2. Click the plus sign icon and select the provider you want to add.

  3. Specify the following:

    • Name: Name of the provider.

    • Description: Description of the provider.

    • In the Themes table select the Themes that will use this MFA provider.

  4. Click Next.

  5. Specify the following:

    • Display name: Specify the name of the connection type that will be displayed on the Logon screen on the client side. This should be the name that your users will clearly understand.

    • Primary server and Secondary server: These two fields allow you to specify one or two RADIUS servers to include in the configuration. Specifying two servers gives you an option to configure high availability for RADIUS hosts (see below). Specify a server by entering its hostname or IP address or click the [...] button to select a server via Active Directory.

      When two RADIUS servers are specified, select one of the following high availability modes from the HA mode drop-down list: Active-active (parallel) means the command is sent to both servers simultaneously, the first to reply will be used; Active-passive (failover) means failover and timeout are doubled, Parallels RAS will wait for both hosts to reply.

    • HA mode: See Primary server and Secondary server above. If only the Primary server is specified, this field is disabled.

    • Port: Enter the port number for the RADIUS Server. Click the Default button to use the default value.

    • Timeout: Specify the packet timeout in seconds.

    • Retries: Specify the number of retries when attempting to establish a connection.

    • Secret key: Type the secret key.

    • Password encoding: Choose from PAP (Password Authentication Protocol) or CHAP (Challenge Handshake Authentication Protocol), according to the setting specified in your RADIUS server.

    • User Prompt: Specify the text that the user will see when prompted with an OTP dialog.

    • Forward username only to RADIUS server: Select this option if needed.

    • Forward the first password to Windows authentication provider: Select this option to avoid a prompt to enter the password twice (RADIUS and Windows AD). Note that for Azure MFA server, this option is always enabled and cannot be turned off.

  6. Click Create when done.

Configuring a RADIUS MFA provider

To configure a RADIUS MFA provider:

  1. Navigate to Site Settings > Connection > Multi-factor authentication.

  2. Double-click the name of the provider that you want to configure.

  3. Click the Edit button.

  4. The following categories are available for configuration:

Note: Once created, attributes cannot be edited in RAS Management Portal. To edit attributes, the desktop-based Parallels RAS Console.

  1. Click Save when done.

© 2024 Parallels International GmbH. All rights reserved.