Documentation

Introduction

Use this guide to enable 2-Factor Authentication access via RADIUS to Juniper SSL VPN.

Prerequisites

1. Have Juniper IVE and access to the Juniper Admin console

2. Configure the SecureAuth App Enrollment Realm (SecureAuth998) in the SecureAuth IdP Web Admin for the RADIUS OTP authentication requests

3. Install and configure the SecureAuth RADIUS Server with Juniper IVE added as a client

Juniper SSL VPN Configuration Steps



1. Log on to Juniper IVE via the Admin console, select Auth Server, and create a new Radius Server

Add Server dialogue box: SecureAuth RADIUS information
Name: RADIUS Server description name of your choice
Radius Server: IP Address or Name of the RADIUS Server
Authentication Port: 1812
Shared Secret: SecureAuth RADIUS Shared Secret
Accounting Port: 1813
Timeout: 60 seconds (recommended)
Retries: 3 (recommended)


2. Create a new Custom Radius Rule as in the image at left, and save the settings

Use only a dot and an asterisk for lengthy reply messages – i.e. .*

 

3. Create a New User Realm to use with this RADIUS Authentication method

 

4. Add / Create the Role(s) for this New User Realm using SecureAuth RADIUS

5. Create a Sign-in URL and select this User Realm

RADIUS Client Configuration Steps






1. Open a web browser or Juniper VPN client and connect to the newly-created profile

2. When prompted, enter your AD Username and Password 





 

3. An Access Challenge for a Second Factor appears 

4. Enter the OTP code from the SecureAuth OTP app to connect to the VPN
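
The exchange behind steps 2 to 4, as an added example (not SecureAuth or Juniper code): an RFC 2865 Access-Request carrying the hidden password, an Access-Challenge whose Response Authenticator is verified against the shared secret, and a second Access-Request carrying the OTP with the State attribute echoed back. The username, passwords, shared secret, Reply-Message and State values are constructed, and the server reply is built locally so nothing is sent on the network.

```python
import hashlib, hmac, os, struct
ACCESS_REQUEST, ACCESS_CHALLENGE = 1, 11  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, REPLY_MESSAGE, STATE = 1, 2, 18, 24  # attribute types

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def attr(kind, value):  # one attribute: type, length, value
    return struct.pack("!BB", kind, len(value) + 2) + value

def access_request(ident, user, password, secret, state=None):
    """Build an Access-Request; returns (packet, request_authenticator)."""
    auth = os.urandom(16)
    attrs = attr(USER_NAME, user) + attr(USER_PASSWORD, hide_password(password, secret, auth))
    attrs += attr(STATE, state) if state is not None else b""  # echo State on a challenge
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + auth + attrs, auth

def sign_reply(code, ident, attrs, request_auth, secret):
    """Server side: Response Authenticator = MD5(header + RequestAuth + attrs + secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + request_auth + attrs + secret).digest() + attrs

def parse_reply(packet, request_auth, secret):
    """Client side: verify the Response Authenticator, return (code, {type: value})."""
    code, _, length = struct.unpack("!BBH", packet[:4])
    body = packet[20:length]
    expected = hashlib.md5(packet[:4] + request_auth + body + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Response Authenticator: wrong shared secret or tampering")
    attrs, i = {}, 0
    while i + 2 <= len(body) and body[i + 1] >= 2:  # stop on truncated or malformed attribute
        attrs[body[i]] = body[i + 2:i + body[i + 1]]
        i += body[i + 1]
    return code, attrs

def two_step_login(secret=b"constructed-secret"):  # constructed values, no network
    _, auth1 = access_request(1, b"jdoe", b"ad-password", secret)
    challenge = attr(REPLY_MESSAGE, b"Enter OTP") + attr(STATE, b"sess-01")
    reply = sign_reply(ACCESS_CHALLENGE, 1, challenge, auth1, secret)
    code, attrs = parse_reply(reply, auth1, secret)
    otp_request, _ = access_request(2, b"jdoe", b"123456", secret, state=attrs[STATE])
    return code, attrs, otp_request
```

A shared secret that differs between Juniper IVE and the RADIUS server shows up as the ValueError raised in parse_reply, since the Response Authenticator no longer verifies.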