Radius Provider

You can configure a Radius Provider for applications that don't support any other protocols or require Radius.

info

This provider requires the deployment of the RADIUS Outpost

Currently, only authentication requests are supported.

Authentication flow

Authentication requests against the Radius Server use a flow in the background. This allows you to use the same policies and flows as you do for web-based logins.

The following stages are supported:

Identification
Password
Authenticator validation

Note: Authenticator validation currently only supports DUO, TOTP and static authenticators.

For code-based authenticators, the code must be given as part of the bind password, separated by a semicolon. For example for the password example-password and the code 123456, the input must be example-password;123456.

SMS-based authenticators are not supported as they require a code to be sent from authentik, which is not possible during the bind.
User Logout
User Login
Deny

Limitations

The RADIUS provider only supports the PAP (Password Authentication Protocol) protocol:

Authentication flow​

Limitations​

Authentication flow

Limitations