Before you begin configuring a RADIUS gateway
Before you start setting up a gateway, ensure that you have the following information.
Prerequisites
To enable communication between PingOne Remote Authentication Dial-In User Service (RADIUS) gateway and your RADIUS clients, you’ll need:
-
To add the PingOne DaVinci service to your PingOne environment.
-
A RADIUS Client IP and Shared Secret for each RADIUS client.
-
A DaVinci flow with a DaVinci policy. You should add the RADIUS gateway connector, the PingID connector, and use an out-of-the-box RADIUS gateway flow. Learn more in the PingOne RADIUS gateway connector documentation. Learn more about PingOne DaVinci policies in DaVinci flow policies.
-
(Optional) If you want to perform multi-factor authentication (MFA) using PingID, you’ll also need to configure the RADIUS gateway in a PingOne environment that has PingID linked as a service.
-
RADIUS gateway currently supports PAP and MS-CHAP v2 protocols. If you want to use the MS-CHAP v2 protocol, you need a Network Policy Server (NPS). You’ll also need to enable users to enter an one-time passcode (OTP) with their username. Learn more in Enable users to enter an OTP with their username in MS-CHAP v2 mode.
-
(Optional) When using the PAP protocol, it is also possible to incorporate an NPS into a flow.
Docker
You can run the gateway in a Docker container or as a standalone Java application. If you plan to run the gateway in a Docker container, ensure that you have Docker installed on the computer that will run the gateway.
System requirements
The computer, virtual machine, or Docker environment that will run the gateway should have the following resources dedicated to the gateway:
-
Processor: 2 CPUs or virtual CPUs
-
RAM: 1 GB
-
Storage: 1 GB
Gateway access
The gateway requires access to the RADIUS client over the network as well as the ability to initiate outbound requests over the internet to establish a WebSocket Secure connection to PingOne.
The WebSocket Secure address varies depending on your region. Ensure that the gateway can access the WebSocket Secure address for your region.
Region | Address |
---|---|
North America - US |
wss://gateways.pingone.com/ |
North America - Canada |
wss://gateways.pingone.ca/ |
Europe |
wss://gateways.pingone.eu/ |
Asia Pacific - AU |
wss://gateways.pingone.com.au/ |
Asia Pacific - AP |
wss://gateways.pingone.asia/ |