Reset Search



KB44686 - How to configure Azure Multi Factor Authentication for RADIUS

« Go Back


Last Modified Date1/27/2021 5:11 PM

How to configure Azure Multi Factor Authentication for RADIUS

This article summarizes the steps to configure Radius authentication server instance with Azure multi factor.
Problem or Goal
After the authentication process has been configured to use multiple factors on the RADIUS server, you need to configure the SSL VPN appliance to connect to the RADIUS server.
  1. Login to the administration interface for the SSL VPN appliance.
  2. Navigate to Authentication|Auth. Servers.
  3. Select RADIUS Server from the New drop menu.
  4. Click New Server.
  5. The New RADIUS Server screen opens.
  6. Leave the default settings, except for the following:
  7. Name – enter a name to identify the MFA server.
  8. NAS-Identifier – enter the FQDN of the MFA server.
  9. Primary Server – complete the following to configure access between the SSL VPN and MFA servers.
Note: Fields noted with a plus symbol (+) below will require the same information configured for the MFA settings (Azure|Multi-Factor Authentication Server|RADIUS Authentication|Clients).
  1. Radius Server – enter the server name or IP address.
  2. Authentication Port (+) – enter the same port number configured for authentication communication on the MFA server. (Default 1812)
  3. Shared Secret (+) – enter the security passphrase created to encrypt communication.
  4. Accounting Port (+) – enter the same port number configured for accounting communication on the MFA server. (Default 1813)
  5. Timeout – it is important to set a sufficient length of time for users to login using MFA. 30 seconds is a common duration, but may need to be adjusted. For example, large organizations may need more time to accommodate a higher volume of requests.
Custom RADIUS Rules – required for both one-way text message and OATH token features; complete the following to configure RADIUS to prompt users for challenge/response verification codes on the login page.
a. Click New RADIUS Rule.
b. The Edit Custom RADIUS Rule screen opens.
c. Leave default settings except for the following:
  1. Name – enter a descriptive name for the rule.
  2. Response Packet Type – select Access Challenge.
  3. Attribute criteria – configure the challenge that will prompt for verification codes:
  • Radius Attribute – select Reply Message (18).
  • Operand – select matches the expression.
  1. Then take action – select show Generic Login page 
Click Save Changes to complete configuration.
Related Links
Attachment 1 
Created ByJoel Thomas



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255