Setup

Resources

For information and setup help, see the following documentation:

Requirements

To use the connector, you'll need:

  • A PingOne license.
  • A PingOne environment.
  • A RADIUS gateway. To create and configure a RADIUS gateway see RADIUS Gateways.

Setting up the connector.

In DaVinci, go to Connections and add a PingOne RADIUS gateway connector. For help, see Adding a connector.

Using the connector in a flow

Use the RADIUS Gateway connector to instruct DaVinci to respond to a RADIUS Gateway authentication session request. The connector can send one of the following responses:
  • Accept: Indicates that a user has completed all the required authentication steps. The RADIUS gateway sends an ACCESS_ACCEPT response to the RADIUS client, and grants the user access.
    Note: You can send user RADIUS attributes back to the RADIUS client, and the connector also provides the option to define vendor-specific attributes.
  • Reject: Indicates that a user failed a required authentication step. The RADIUS gateway sends an ACCESS_REJECT response to the RADIUS client, and rejects the user’s authentication request.
  • Challenge: Instructs the gateway to send a challenge to the authenticating user by sending an ACCESS_CHALLENGE response to the RADIUS client.

    Note: This response type is only supported when using a RADIUS client that supports ACCESS_CHALLENGE requests.
  • Poll: Indicates that the user is authenticating with the PingID mobile app, and the DaVinci flow is waiting for a push response.

RADIUS gateway flow templates

PingOne provides out-of-the-box DaVinci flows that you can integrate into your RADIUS gateway.
Note: To use a RADIUS gateway flow template, you first need to add thePingID connector and the PingOne RADIUS Gateway connector.
The following RADIUS gateway flow is available:
  • RADIUS Gateway - authentication flow: This flow can be used to authenticate users when accessing RADIUS clients that support the RADIUS PAP protocol. You can customize the following options:
    • OTP Fallback: If the PingID server can't reach the device or the push response can't be completed, allow users to authenticate with a one-time passcode instead.
    • Newline Character: Select a line separation character to use for RADIUS server challenge messages.
    • RADIUS response attribute.
    To download this flow, search for RADIUS gateway - authentication flow in the DaVinci flow library.
To customize the RADIUS Gateway authentication flow template:
  1. In the DaVinci Flow library search for RADIUS gateway authentication flow and import the flow. For help, see Using flow templates.
    RADIUS gateway authentication flow showing the flow settings node
  2. To configure an OTP Fallback, select the Flow settings node and modify the OTP_FALLBACK variable. Possible values: True or False.
  3. To define a Newline Character, select the Flow settings node and modify the NEWLINE_CHARACTER variable. Choose from:
    • None: (leave the field empty if you do not want to define a newline character).
    • \n: Unix style.
    • \r\n: Windows style.
    • <br>: HTML
  4. To add a RADIUS response attribute: Select the Authentication Approved node, click Add and define the attribute properties.

    RADIUS gateway authentication flow showing the Authentication Approved node

Capabilities

Radius Response

The returned message sent to the RADIUS client.

Details
Details
Properties
Response Type dropDown

The type of returned message sent to the RADIUS client. Valid response types are CHALLENGE, POLL, ACCEPT, or REJECT.

  • CHALLENGE
  • POLL
  • ACCEPT
  • REJECT
Response Value textField

The text that displays in the Reply-Message, which is sent to the RADIUS client and visible to the user, limited to 253 characters.

Use the following fields to map values from your flow to RADIUS attributes. label
Attribute Mapping attributesRulesList
Input Schema
default object
responseType string required
responseValue string
description string
attributeMapping array
Output Schema
output object
text string