What is GateKeeper Enterprise RADIUS Integration

Add 2FA to your applications using GateKeeper Enterprise. GateKeeper Enterprise now provides a RADIUS (Remote Authentication Dial-In User Service) server that can be integrated with your GateKeeper Enterprise solution to provide 2FA for applications such as VPNs (Virtual Private Networks). The RADIUS server will first authenticate the user with their Active Directory credential, and then request a 2nd factor (TOTP via Google Authenticator or another authenticator app, SMS, Email, or Push notification), when accessing applications such as VPNs.

Untethered Labs, Inc. has released a RADIUS server integration to provide 2-factor authentication for applications. RADIUS integration with the GateKeeper Enterprise system is a new feature that will help increase network cyber security posture and make compliance easier for everyone by ensuring secure access to applications via 2FA.

The RADIUS integration allows end users to securely authenticate against an identity provider, such as Microsoft Active Directory, and then require a second factor, such as an OTP code for 2-factor authentication. A typical use case of this feature would be to add 2-factor authentication for VPN applications to increase security for remote employees. 

How the GateKeeper RADIUS MFA Works?

After you deploy the GateKeeper 2FA agent as an on-premises service and set it up as a RADIUS authentication source on one or more services (e.g. VPN), GateKeeper Authentication Hub secures each authentication request with a second-factor verification.

When you log in to any application, the GateKeeper RADIUS server receives the login request. Then, the GateKeeper RADIUS server confirms your credentials with the identity provider (Active Directory). If the user credentials are accurate, then the GateKeeper RADIUS server initiates the second-factor authentication via the GateKeeper Hub.

Once the user completes the second factor of authentication, the GateKeeper RADIUS server returns an ACCESS ACCEPT response, finishing the MFA process for the application (e.g., VPN).

Explanation

1. User type their username and password to the VPN Client Device.
2. The VPN device will connect to the RADIUS server
3. RADIUS does the 1 Factor Authentication using the Active Directory 
4. RADIUS server connects to the GateKeeper Hub as a 2 Factor Authentication
5. The GateKeeper Hub sends MFA type (Email, SMS or TOTP)
6. User types OTP or TOTP
7. 2FA sends to VPN Client Device
8. The VPN Client device sends TOTP verification to the GateKeeper Hub
9. The GateKeeper Hub validates the OTP or TOTP and the User is authenticated.

For any additional questions or concerns regarding NFC cards, computer locking, password management, or compliance, please contact GateKeeper Enterprise support using the Support Ticket form at https://gkaccess.com/support/ or email support@gkaccess.com.