Before you begin, complete the following tasks:
- Your organization has installed and configured PingFederate. For more information, see Installation.
- PingFederate is configured with
an LDAP Password Credential Validator (PCV). For more information, see Managing Password Credential Validator instances.Note:
PingID RADIUS PCV version 2.5.0 is incompatible with PingFederate version 11.2 and later. When upgrading to 11.2 or later, you must also upgrade the PCV version if you’re currently using PCV version 2.5.0.
- You have administrator credentials for the PingFederate administrative console.
- Your VPN is configured to use the Password Authentication Protocol (PAP), MS-CHAP
v2, or MS-CHAP v2 (EAP).Note:
CHAP is not supported by the PingFederate RADIUS server.
- To apply PingID policy features
that require IP address information, the client IP address must be provided. The
client IP must be sent using the RADIUS attribute
66:Tunnel-Client-Endpoint. For more information, see Configuring a RADIUS PCV and SSH access policy.Note:If the client IP attribute is not included:
- IP-based policies will not work.
- Entries in the PingOne report IP address field will show a value of N/A.
Integration for devices using a RADIUS server is a two-stage process
The first stage consists of installing the PingID integration kit for VPN and then configuring the RADIUS server on PingFederate. See Installing the PingID Integration Kit for VPN and Configuring a RADIUS server on PingFederate. You should also look at PingID RADIUS PCV parameters reference guide.
The second stage is configuration of your VPN device. Currently, supported devices are covered as follows: