Starling Two-Factor Authentication Hosted - RADIUS Agent Administrator Guide

User repository

You can configure the user repository details in the User repository tab depending on the option used for storing user data. The user data can be stored either in Active Directory or in a CSV file.

NOTE: Currently, Starling Two-Factor RADIUS Agent supports data stored in Active Directory (LDAP) and CSV files.

Configuring repository for Active Directory

To configure the repository for data stored in Active Directory:

  1. Click the User repository tab and select Use Active Directory.
  2. Provide the following parameters:
    • Domain name: Domain name of the Active Directory.
    • User name: The user account used for querying the Active Directory.

      NOTE: The user account must have the read permission to query the Active Directory.

    • Password: Password of the account used for querying the Active Directory.
    • Base DN: Point from where the server searches for users. You must specify the root container to search the users in the format cn=users,dc=domain,dc=com, where cn is Common Name and dc is Domain Component. If Base DN is not specified, the entire directory is searched to locate the users. Users not belonging to the specified Base DN will not be found in Active Directory during authentication. Hence, the authentication will not happen.
    • Use SSL: Option to enable LDAP over SSL for communicating with Active Directory server.
    • Perform Primary Authentication: This enables the user to perform primary authentication via Active Directory before an authentication happens via Starling Two-Factor Authentication.
    • Advanced Settings: This allows the user to modify the Active Directory attribute mapping. You can update the Active Directory attribute fields in the Active Directory Advanced Settings window as per the requirement. In the window, you can map Name, Email and Phone Number to the attributes in Active Directory. The username entered in the client application will be validated against the Name attribute during two-factor authentication. By default, Name is mapped to samAccountName attribute in Active Directory.

NOTE: If the domain name, user name or password is invalid, an error message is displayed when you click Save Settings.

 

Click Save Settings after completing the configuration.

Configuring user repository for CSV file

To configure the repository for data stored in CSV file:

  1. Click the User repository tab and select Use CSV file.
  2. Provide the path of the .csv file.

    NOTE: The order of the attributes in the CSV file must be UserName,PhoneNumber,EmailAddress.

 

Click Save Settings after completing the configuration.

Configuring client settings

You can configure the RADIUS clients by providing the client details in the Client Settings tab. You can add, remove or update IP address, subnet mask and shared secret of clients in the Client Settings tab.

Related Documents