--- title: Adding a RADIUS Server description: To configure Juniper for PingID multi-factor authentication (MFA), you must add a RADIUS server. component: pingid page_id: pingid:pingid_integrations:pid_adding_radius_server canonical_url: http://docs.pingidentity.com/pingid/pingid_integrations/pid_adding_radius_server.html revdate: January 28, 2024 section_ids: steps: Steps result: Result: result-2: Result: --- # Adding a RADIUS Server To configure Juniper for PingID multi-factor authentication (MFA), you must add a RADIUS server. ## Steps 1. Sign on to Juniper with your administrator ID and password. 2. In the left-hand navigation pane, go to **Authentication → Auth. Servers**. ![A screen capture of the Authentication Servers window showing the New list with the buttons New Server and Delete and a table with a header row that shows Authentication/Authorization Servers, Type, User Record Synchronization, and Logical Auth Server Name. There is a check box column at the left most side. Example servers Administrators and System Local appear as separate entries under the Authentication/Authorization Servers column. Under the Type column, there are two entries for Local Authentication. The columns for User Record Synchronization and Logical Auth Server Name have no entries..The row that contains the System Local entry has a check box in the left most column.](_images/opn1564020863507.png) 3. From the **New** list, select **RADIUS Server**, and then click **New Server**. ### Result: The**New Radius Server** window opens. ![A screen capture of the New Radius Server window. The window includes the Name and NAS-Identifier fields followed by sections for Primary Server and Backup Server. The Primary Server section includes fields for Radius Server, Authentication Port, Shared Secret, Accounting Port, NAS-IP-Address, Timeout, and Retries. There is also a check box option for Users authenticate using tokens or one-time passwords with the note: "If you select this, the device will send the user's authentication method as 'token' if you use SAML, and this credential will not be used in automatic SSO in backend applications. In this screen capture, the Backup Server section includes the specification that it is required only if Backup server exists and fields for Radius Server, Authentication Port, Shared Secret, and Accounting Port."](_images/nst1564020866108.png) 4. In the **New Radius Server** window, enter the following information: 1. In the **Name** field, enter the RADIUS Server name. 2. In the **NAS-Identifier** field, enter the name of the device as known to the RADIUS server. 3. In the **Radius Server** field, enter the DNS name or IP address of the RADIUS server password credential validator (PCV). 4. In the **Authentication Port** field, enter the port configured in the RADIUS server PCV. The default value is `1812`. 5. In the **Shared Secret** field, enter the shared secret configured in the RADIUS server PCV. 6. In the **Accounting Port** field, enter the port used for RADIUS accounting. | | | | - | ------------------------------------------------------ | | | The default value is `1813` and should not be changed. | 7. In the **Timeout** field, enter `60`. The default value is `30`. | | | | - | -------------------------------------------------------------------------------------------------- | | | The **Timeout** field determines the amount of time in seconds before the connection is timed out. | 5. Click **Save Changes**. ### Result: The Custom Radius Rules section is enabled. ![A screen capture of the Custom Radius Rules section.](_images/ujg1564020868445.jpg) 6. Click **New Radius Rule**. The following window is didplayed: ![A screen capture of the Add Custom Radius Rule window showing the configuration details from the previous configuration steps.](_images/pon1564020869349.png) 7. In the **Add Custom Radius Rule** window, enter the following information: 1. In the **Name** field, enter `Offline`. 2. From the **Response Packet Type** list, select **Access Challenge**. This is the default value. 1. Select the **Show Generic Login Page** check box. 8. Click **Save Changes**.