PingOne

Adding a RADIUS gateway

Add a RADIUS gateway to allow PingOne to communicate with your RADIUS clients.

Steps

  1. Go to Integrations → Gateways.

  2. Click the icon.

  3. Enter the following and click Next:

    • Name: A name for the gateway. The name must be unique within the environment.

    • Gateway Type: Select RADIUS.

    • Description: (Optional) A brief description of the gateway.

  4. Optional: In the Authentication Port field, enter the relevant port number. The default is 1812.

    You must stop all active gateway instances before modifying the authentication port.

  5. In the DaVinci Policy ID field, select the DaVinci Policy ID that you want to apply to the RADIUS gateway.

  6. If you want to define a Default Shared Secret, enter it here.

    If no default is defined, you must enter a Client Shared-Secret for each Client IP address that you add.

    For security reasons, you should rotate the shared secret at least once a year.

  7. Optional: To incorporate a Network Policy Server (NPS), configure the following settings:

    1. Select the Use RADIUS Remote Network Policy Server check box.

    2. Enter the relevant NPS Server IP and Server port.

      Because validation of the client IP shared secret is performed on the RADIUS gateway side and the NPS side, you must make sure the shared secret on the client matches the shared secret on the endpoint NPS.

  8. In the RADIUS clients area, for each client that you want to add:

    1. Click Add Client.

    2. In the new row, enter the Client IP address of the VPN server or remote access system and the Client Shared Secret.

    If the Client Shared Secret field is left empty, the Default Shared Secret is used.

  9. Click Save.

    Result:

    You can see the new gateway in the Gateways list. PingOne generates a gateway credential, which the gateway uses to authenticate with PingOne.

    A gateway credential is like a password, so keep it protected. For security reasons, PingOne does not store the generated gateway credentials, but you can always create a new one in the PingOne console. Multiple gateway instances can use the same gateway credential.

  10. Copy the credential and paste it to a secure location.

    You’ll use the credential later when starting a gateway instance.

  11. Optional: Click Show me the Docker command and copy it to a secure location.

  12. Click Done.
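
The shared-secret behaviour in steps 6 to 8, as an added example that is not PingOne code: it resolves a per-client secret with fallback to the default, then uses the standard RADIUS Message-Authenticator attribute (HMAC-MD5, RFC 3579) to show why a request signed with the client's secret fails validation at a hop that holds a different secret. The function names, IP addresses and secrets are constructed for illustration, and the example assumes the validating side checks Message-Authenticator.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 3579)
# Constructed sample data: documentation-range IPs and throwaway secrets.
CLIENTS = {"192.0.2.10": b"vpn-client-secret", "192.0.2.20": b""}
DEFAULT_SECRET = b"gateway-default-secret"

def resolve_secret(client_ip, clients=CLIENTS, default=DEFAULT_SECRET):
    """Per-client secret if one is set, otherwise the default shared secret."""
    secret = clients.get(str(ipaddress.ip_address(client_ip))) or default
    if not secret:
        raise LookupError(f"no shared secret configured for {client_ip}")
    return secret

def build_access_request(secret, identifier, username):
    """Access-Request with User-Name and a Message-Authenticator attribute."""
    user = username.encode()
    attrs = struct.pack("!BB", 1, 2 + len(user)) + user
    attrs += struct.pack("!BB", MSG_AUTH, 18) + bytes(16)  # zeroed while signing
    header = struct.pack("!BBH", 1, identifier, 20 + len(attrs)) + os.urandom(16)
    mac = hmac.new(secret, header + attrs, hashlib.md5).digest()  # MD5 per RFC
    return header + attrs[:-16] + mac

def verify_message_authenticator(packet, secret):
    """Recompute the HMAC with the value zeroed; compare in constant time."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        return False
    pos = 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            return False  # malformed attribute
        if atype == MSG_AUTH:
            if alen != 18:
                return False
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:length]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(expected, packet[pos + 2:pos + 18])
        pos += alen
    return False  # no Message-Authenticator: treat as unauthenticated
```

A packet that verifies with the client's secret but not with the secret held by the next hop is the symptom of the mismatch that step 7 warns about.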

Next steps