--- title: "Prerequisites: PingFederate RADIUS server" description: Before you begin, complete the following tasks: component: pingid page_id: pingid:pingid_integrations:pid_prerequisites_pf_radius_server canonical_url: http://docs.pingidentity.com/pingid/pingid_integrations/pid_prerequisites_pf_radius_server.html revdate: March 16, 2023 section_ids: integration-for-devices-using-a-radius-server-is-a-two-stage-process: Integration for devices using a RADIUS server is a two-stage process --- # Prerequisites: PingFederate RADIUS server Before you begin, complete the following tasks: * Your organization has installed and configured PingFederate. For more information, see [Installing PingFederate](http://docs.pingidentity.com/pingfederate/12.3/installing_and_uninstalling_pingfederate/pf_installing_pf.html). * PingFederate is configured with an [LDAP Username Password Credential Validator instance](http://docs.pingidentity.com/pingfederate/12.3/administrators_reference_guide/pf_creat_ldap_username_pass_credent_validat_instanc.html). | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | PingID RADIUS PCV version 2.5.0 is incompatible with PingFederate version 11.2 and later. When upgrading to 11.2 or later, you must also upgrade the PCV version if you're currently using PCV version 2.5.0. | * You have administrator credentials for the PingFederate administrative console. * Your VPN is configured to use the Password Authentication Protocol (PAP), MS-CHAP v2, or MS-CHAP v2 (EAP). | | | | - | -------------------------------------------------------- | | | CHAP is not supported by the PingFederate RADIUS server. | * To apply PingID policy features that require IP address information, the client IP address must be provided. The client IP must be sent using the RADIUS attribute `66:Tunnel-Client-Endpoint`. For more information, see [Configuring a RADIUS PCV and SSH access policy](../pingid_service_management/pid_configuring_radius_pcv_and_ssh_policy.html). | | | | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If the client IP attribute is not included:- IP-based policies will not work. - Entries in the PingOne report **IP address** field will show a value of `N/A`. | ## Integration for devices using a RADIUS server is a two-stage process The first stage consists of installing the PingID integration kit for VPN and then configuring the RADIUS server on PingFederate. See [Installing the PingID Integration Kit for VPN](pid_installing_i_for_vpn.html) and [Configuring a RADIUS server on PingFederate](pid_config_radius_server_pf.html). You should also look at [PingID RADIUS PCV parameters reference guide](pid_radius_pcv_parameters.html). The second stage is configuration of your VPN device. Currently, supported devices are covered as follows: * [Overview of Cisco ASA for PingID MFA](pid_overview_cisco_asa_pid_mfa.html) * [Configuring Check Point VPN for PingID multi-factor authentication](pid_configuring_check_point_vpn_multi_factor_authentication.html) * [Configuring Juniper for PingID multi-factor authentication](pid_configuring_juniper_for_multifactor_authentication.html) * [Configuring Palo Alto Global Protect for PingID multi-factor authentication](pid_configuring_palo_alto_global_protect_multifactor_authentication.html)