You can enable RADIUS authentication using the configuration files located in the <pf_install>/pingfederate/bin directory. The RADIUS protocol provides a common approach for implementing strong authentication in a client-server configuration.
PingFederate supports the protocol scenarios for one-step authentication, such as appending a one-time passcode obtained from an authenticator to the password, and two-step authentication, such as through a challenge-response process.
When RADIUS authentication is configured, PingFederate does not lock out administrative users based on the number of failed sign-on attempts. Instead, responsibility for preventing access is delegated to the RADIUS server and enforced according to its password lockout settings.
The NAS-IP-Address attribute is added to all Access-Request packets sent to the RADIUS server. The value is copied from the pf.engine.bind.address property in run.properties. Only IPv4 addresses are supported.