Before you start setting up a gateway, ensure that you have the following information.
To enable communication between PingOne RADIUS gateway and your RADIUS clients, you'll need:
- To add the PingOne DaVinci service to your PingOne environment.
- A RADIUS Client IP and Shared Secret for each RADIUS client.
- A DaVinci flow with a DaVinci policy. You should add the RADIUS Gateway connector, the PingID connector, and use an out-of-the-box RADIUS Gateway flow. For information, see the PingOne RADIUS gateway connector documentation. For information about PingOne DaVinci policies, see DaVinci flow policies.
- (Optional) If you want to perform multi-factor authentication (MFA) using PingID, you'll also need to configure the RADIUS gateway in a PingOne environment that has PingID linked as a service.
- RADIUS gateway currently supports the PAP and MS-CHAP v2 protocols. If you want to use the MS-CHAP v2 protocol, you need a Network Policy Server (NPS). You'll also need to enable users to enter an OTP with their username. For information, see Enable users to enter an OTP with their username.
You can run the gateway in a Docker container or as a standalone Java application. If you plan to run the gateway in a Docker container, ensure that you have Docker installed on the computer that will run the gateway.
The computer, virtual machine, or Docker environment that will run the gateway should have the following resources dedicated to the gateway:
- Processor: 2 CPUs or virtual CPUs
- RAM: 1 GB
- Storage: 1 GB
The gateway requires access to the RADIUS client over the network as well as the ability to initiate outbound requests over the internet to establish a WebSocket Secure connection to PingOne.
The WebSocket Secure address varies depending on your region. Ensure that the gateway can access the WebSocket Secure address for your region.
North America - US
North America - Canada
PingOne user privileges
The administrator setting up the gateway should have the Environment admin role. To confirm, open the PingOne console, locate the administrator identity, and confirm its roles.