PingID Administration Guide

Integration for devices using a RADIUS server

You can integrate PingID multi-factor authentication (MFA) into your VPN or remote access system.

About this task

The following diagram shows a general authentication flow. The actual configuration varies depending on your organizational infrastructure considerations and policies.

[Figure: flowchart showing a typical authentication flow, as described in the topic text.]

  1. A user opens their IPSec or SSL VPN sign on window and enters a user name and password.

  2. The VPN RADIUS client sends their details to the RADIUS Server on PingFederate.

  3. PingFederate authenticates the user’s credentials using the LDAP server as first-factor authentication.

  4. After LDAP authentication approval, the RADIUS server initiates a second authentication using PingID, and the user receives a push notification to the relevant device, such as the PingID mobile app or a YubiKey.

  5. The user approves the push notification or responds by entering a one-time passcode (OTP).

  6. The PingID cloud service verifies the response and sends it back to the RADIUS server.

  7. The RADIUS server returns a response to the VPN. If authentication is denied or an error occurs, the user receives an error message on their VPN window.
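
The RADIUS legs of this flow (steps 2 and 7) are sketched below following RFC 2865. This is an added example, not PingFederate or PingID code. The function names, user name, password and shared secret are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                         # RFC 2865 attribute types


def xor_chain(data, secret, authenticator, decrypt):
    # RFC 2865 section 5.2: each key block is MD5(secret + previous cipher block)
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        res = bytes(x ^ k for x, k in zip(data[i:i + 16], key))
        prev = data[i:i + 16] if decrypt else res
        out += res
    return out


def access_request(ident, user, password, secret):
    ra = os.urandom(16)  # Request Authenticator, fresh for every request (step 2)
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in
                     [(USER_NAME, user), (USER_PASSWORD, xor_chain(padded, secret, ra, False))])
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + ra + attrs


def password_from_request(request, secret):
    # Server side: walk the attributes and recover User-Password for the first factor.
    pos = 20
    while pos + 2 <= len(request):
        kind, length = request[pos], request[pos + 1]
        if length < 2:
            raise ValueError("malformed attribute")
        if kind == USER_PASSWORD:
            return xor_chain(request[pos + 2:pos + length], secret, request[4:20], True).rstrip(b"\x00")
        pos += length
    raise ValueError("no User-Password attribute")


def reply(code, request, secret):
    # Step 7: Response Authenticator = MD5(code + id + length + request RA + secret)
    head = struct.pack("!BBH", code, request[1], 20)
    return head + hashlib.md5(head + request[4:20] + secret).digest()


def reply_is_authentic(response, request, secret):
    want = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return response[1] == request[1] and hmac.compare_digest(want, response[4:20])
```

A reply whose code is altered in transit, or that was built without the shared secret, fails `reply_is_authentic`. This is why the secret configured on the VPN and on the RADIUS server must match and stay confidential.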

To configure PingID VPN integration, complete the following:

Steps

  1. Install the PingID Integration Kit in PingFederate.

  2. Configure the RADIUS server settings in PingFederate.

    For more information, see Configuring a RADIUS server on PingFederate.

  3. Configure your VPN client settings.

    For more information, see one of the following sections: