Starling Two-Factor Authentication Hosted - RADIUS Agent Administrator Guide

Prerequisites to configure user repository

The following are the prerequisites to configure the user repository:

  • A domain controller must exist.

  • The user account must have at least read permission to query Active Directory and read user data.

Configuring repository for Active Directory

If the user data is stored in Active Directory, you must configure the Starling Two-Factor RADIUS Agent to access the user data.

To configure RADIUS Agent to access user data stored in Active Directory

  1. On the Starling Two-Factor RADIUS Agent configuration page, click User Repository.

    The User Repository window is displayed.

  2. Select the required option to store the user data. By default, the Use Active Directory option is selected.
  3. Provide the following parameters:
    • Domain name: Name of the Active Directory domain.
    • User name: User account used for querying the Active Directory.
    • Password: Password of the account used for querying the Active Directory.
    • Base DN: This is the path from where user search is performed. You must specify the root container to search the users in the format cn=users,dc=domain,dc=com, where cn is Common Name and dc is Domain Component. If Base DN is not specified, the entire directory is searched to locate the users. Active Directory users who do not belong to the specified Base DN are not authenticated using two-factor authentication.
    • Use SSL: Option to enable LDAP over SSL for the RADIUS server to communicate with the Active Directory server.
    • Perform Primary Authentication: This allows RADIUS clients to perform primary authentication via Active Directory before an authentication happens via Starling Two-Factor Authentication.
    • Advanced Settings: This allows the RADIUS server to modify the Active Directory attribute mapping. These attribute values are used during authentication. You can update the Active Directory attribute fields in the Active Directory Advanced Settings window as per the requirement. In the window, you can map Name, Email, and Phone Number to the attributes in Active Directory. The username entered in the client application will be validated against the Name attribute during two-factor authentication. By default, Name is mapped to the samAccountName attribute in Active Directory.
  4. Click Save Settings after completing the configuration.

NOTE: If the domain name, user name, or password is invalid, an error message is displayed when you click Save Settings.

Configuring user repository for CSV file

If the user data is stored in a CSV file, you must configure the Starling Two-Factor RADIUS Agent to access the user data.

To configure RADIUS Agent to access user data stored in a CSV file

  1. On the Starling Two-Factor RADIUS Agent configuration page, click User Repository.

    The User Repository window is displayed.

  2. Select Use CSV file to store the user data. By default, the Use Active Directory option is selected.
  3. In the File Path field, enter the absolute path to the .csv file or click Browse to select the .csv file.

    NOTE:

    • The CSV file must have a header row with the following parameters in the following order: UserName, PhoneNumber, and EmailAddress.
    • The rows following the header row must contain values pertaining to each parameter in the header row. The values entered must be comma separated without quotation marks.
    • If the CSV file is edited during an operation, the file must be saved. The service does not need to be restarted to pick up the new values.

  4. Click Save Settings after completing the configuration.
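
The CSV rules in the note above can be checked before the file is handed to the agent. The following script is an added example, not part of the product or this guide: the function name `check_user_csv` and the sample rows are constructed, and treating an empty field as an error is an assumed strict reading of the rule that each row must contain a value for each header parameter.

```python
import sys

# Header names and order as stated in the guide.
EXPECTED_HEADER = ["UserName", "PhoneNumber", "EmailAddress"]


def check_user_csv(text):
    """Return a list of (line_number, problem) for a user repository CSV."""
    lines = text.lstrip("\ufeff").splitlines()  # tolerate a UTF-8 BOM
    if not lines:
        return [(1, "file is empty; header row missing")]

    problems = []
    if lines[0].split(",") != EXPECTED_HEADER:
        problems.append((1, "header must be " + ",".join(EXPECTED_HEADER)))

    for number, line in enumerate(lines[1:], start=2):
        # Values must be written without quotation marks; this checks the
        # double-quote character that CSV exporters add around fields.
        if '"' in line:
            problems.append((number, "quotation marks are not allowed"))
        fields = line.split(",")
        if len(fields) != len(EXPECTED_HEADER):
            problems.append(
                (number, f"expected {len(EXPECTED_HEADER)} fields, found {len(fields)}")
            )
            continue
        # Assumption: every header parameter needs a non-empty value.
        for name, value in zip(EXPECTED_HEADER, fields):
            if not value.strip():
                problems.append((number, f"{name} is empty"))
    return problems


# Constructed sample: one valid row followed by three rows that break a rule.
SAMPLE = """UserName,PhoneNumber,EmailAddress
jdoe,+15550100,jdoe@example.com
"asmith",+15550101,asmith@example.com
bwong,+15550102
clee,,clee@example.com
"""

if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the sample.
    data = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for line_number, problem in check_user_csv(data):
        print(f"line {line_number}: {problem}")
```
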

Configuring client settings

You can configure the RADIUS clients to be authenticated by providing the client details in the Client Settings window.
