PingOne

Before you begin configuring a RADIUS gateway

Before you start setting up a gateway, ensure that you have the following information.

Prerequisites

To enable communication between the PingOne Remote Authentication Dial-In User Service (RADIUS) gateway and your RADIUS clients, you’ll need:

  • To add the PingOne DaVinci service to your PingOne environment.

  • A RADIUS Client IP and Shared Secret for each RADIUS client.

  • A DaVinci flow with a DaVinci policy. You should add the RADIUS gateway connector and the PingID connector, and use an out-of-the-box RADIUS gateway flow. Learn more in the PingOne RADIUS gateway connector documentation. Learn more about PingOne DaVinci policies in DaVinci flow policies.

  • (Optional) If you want to perform multi-factor authentication (MFA) using PingID, you’ll also need to configure the RADIUS gateway in a PingOne environment that has PingID linked as a service.

  • RADIUS gateway currently supports the PAP and MS-CHAP v2 protocols. If you want to use the MS-CHAP v2 protocol, you need a Network Policy Server (NPS). You’ll also need to enable users to enter a one-time passcode (OTP) with their username. Learn more in Enable users to enter an OTP with their username in MS-CHAP v2 mode.

  • (Optional) When using the PAP protocol, it is also possible to incorporate an NPS into a flow.

Docker

You can run the gateway in a Docker container or as a standalone Java application. If you plan to run the gateway in a Docker container, ensure that you have Docker installed on the computer that will run the gateway.

System requirements

The computer, virtual machine, or Docker environment that will run the gateway should have the following resources dedicated to the gateway:

  • Processor: 2 CPUs or virtual CPUs

  • RAM: 1 GB

  • Storage: 1 GB

Gateway access

The gateway requires access to the RADIUS client over the network as well as the ability to initiate outbound requests over the internet to establish a WebSocket Secure connection to PingOne.

The WebSocket Secure address varies depending on your region. Ensure that the gateway can access the WebSocket Secure address for your region.

Region                    Address
North America - US        wss://gateways.pingone.com/
North America - Canada    wss://gateways.pingone.ca/
Europe                    wss://gateways.pingone.eu/
Asia Pacific - AU         wss://gateways.pingone.com.au/
Asia Pacific - AP         wss://gateways.pingone.asia/
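One way to confirm the outbound access described above from the machine that will run the gateway is the following preflight check. It is an added example, not part of the PingOne documentation or tooling. It assumes direct outbound access with no HTTP proxy and the default WebSocket Secure port, TCP 443; the function names are hypothetical.

```python
"""Preflight check for outbound WebSocket Secure access (added example)."""
import socket
import ssl
import sys
from urllib.parse import urlsplit

# Region addresses copied from the table on this page.
REGION_ADDRESSES = {
    "North America - US": "wss://gateways.pingone.com/",
    "North America - Canada": "wss://gateways.pingone.ca/",
    "Europe": "wss://gateways.pingone.eu/",
    "Asia Pacific - AU": "wss://gateways.pingone.com.au/",
    "Asia Pacific - AP": "wss://gateways.pingone.asia/",
}

def endpoint_for(region):
    """Return (host, port) for a region; wss defaults to TCP 443 (assumed here)."""
    url = urlsplit(REGION_ADDRESSES[region])
    if url.scheme != "wss":
        raise ValueError(f"not a WebSocket Secure address: {url.geturl()}")
    return url.hostname, url.port or 443

def tls_connect(host, port, timeout=5.0):
    """Open a TCP connection and complete a verified TLS handshake."""
    context = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with context.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()

def check_region(region, connect=tls_connect):
    """Return (ok, detail) without raising, so the result can be logged."""
    host, port = endpoint_for(region)
    try:
        return True, f"{host}:{port} reachable, {connect(host, port)}"
    except ssl.SSLCertVerificationError as exc:
        # Often a TLS-inspecting proxy presenting its own certificate.
        return False, f"{host}:{port} certificate rejected: {exc}"
    except OSError as exc:  # DNS failure, refused, timeout, other TLS errors
        return False, f"{host}:{port} unreachable: {exc}"

if __name__ == "__main__":
    region = sys.argv[1] if len(sys.argv) > 1 else "North America - US"
    ok, detail = check_region(region)
    print("PASS" if ok else "FAIL", detail)
    sys.exit(0 if ok else 1)
```

The check covers DNS resolution, TCP reachability, and TLS certificate validation only. It does not perform the WebSocket upgrade or authenticate as a gateway.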

PingOne user privileges

The administrator setting up the gateway should have the Environment admin role. To confirm, open the PingOne console, locate the administrator identity, and confirm its roles.