1. Go to Integrations > Gateways.
  2. Click the + icon.
  3. Enter the following and click Next:
    • Name: A name for the gateway. The name must be unique within the environment.
    • Gateway Type: Select RADIUS.
    • Description: (Optional). A brief description of the gateway.
  4. In the DaVinci Policy ID field, select the DaVinci Policy ID that you want to apply to the RADIUS gateway.
  5. If you want to define a Default Shared Secret, enter it here.

    If no default is defined, you must enter a Client Shared-Secret for each Client IP address that you add.

    • The RADIUS server authentication port is 1812.
    • For security reasons, you should rotate the shared secret at least once a year.
  6. Optional: The RADIUS gateway uses the PAP protocol by default. To use MSCHAPv2 protocol, configure the RADIUS gateway to work with your Network Policy Server (NPS):
    1. Select the Use RADIUS Remote Network Policy Server check box.
    2. Enter the relevant NPS Server IP and Server port.

    Because validation of the client IP shared secret is performed on the RADIUS gateway side and the NPS side, you must make sure the shared secret on the client matches the shared secret on the endpoint NPS.

  7. In the RADIUS clients area, for each client that you want to add:
    1. Click Add Client.
    2. In the new row, enter the Client IP address of the VPN server or remote access system and the Client Shared Secret.

      If the Client Shared Secret field is left empty, the Default Shared Secret is used.

  8. Click Save.

    You can see the new gateway in the Gateways list. PingOne generates a gateway credential, which the gateway uses to authenticate with PingOne.


    A gateway credential is like a password, so keep it protected. For security reasons, PingOne does not store the generated gateway credentials, but you can always create a new one in the PingOne console. Multiple gateway instances can use the same gateway credential.

  9. Copy the credential and paste it to a secure location.

    You’ll use the credential later when starting a gateway instance.

  10. Optional: Click Show me the Docker command and copy it to a secure location.
  11. Click Done.

Starting a gateway instance