🟠 Quick-start guide - Cloud RADIUS with Passwordless MFA login

In this guide we will configure idemeum Cloud RADIUS for your tenant, so that users can access Wi-Fi, VPN, or any other network resources with idemeum Passwordless MFA.

Sign up for idemeum MSP tenant

If you have not created your idemeum cloud tenant yet, please follow the steps below to create a trial tenant for your organization.

How to create idemeum cloud tenant
Create idemeum cloud tenant for your organization so that you can test various idemeum services.

Enable cloud directory for your MSP tenant

To manage identities of your MSP technicians we will leverage idemeum local directory. To enable local directory:

  • Navigate to https://<your-msp-domain>.idemeum.com/adminportal
  • Access Users → User source and choose Local
  • Save the configuration

Create accounts for your technicians

Now you can add your technicians to your tenant local directory. Once onboarded, they will be able to log in to your MSP tenant and also customer tenants with a mobile device.

  • Navigate to your MSP tenant admin portal at https://<your-msp-domain>.idemeum.com/adminportal
  • Access Users → User management and click Add user
  • Enter the email address that the user will verify in the mobile application to be onboarded into your tenant, and save the user record
📪
Your technicians will need to install idemeum mobile application, verify one of the emails you specified in the user record, navigate to your MSP tenant URL, scan the QR-code, and they will be onboarded.

Create a customer tenant that you will manage

idemeum offers Multi-Tenant MSP Portal to manage all your customer tenants from a single dashboard. To create a tenant for your customer:

  • Navigate to your MSP tenant admin portal at https://your-domain.idemeum.com/adminportal
  • Access Customers on the left and click Create customer
  • Enter Name (will be used to create a subdomain for your MSP tenant, for example customer-<your MSP domain>.idemeum.com) and Display name (will be used as a display name / title for your customer tenant)

Once the customer tenant is created, you can navigate to its URL and login with a mobile device. More on how to access customer tenants below.

Overview
idemeum MSP portal centralizes the control and management of multiple organizations from one dashboard. MSP admins can view top-level data for their managed organizations at-a-glance, or can access and directly manage each customer organization.

Delegate technician access to customer tenant

You have two options:

  1. You can make every technician an Admin in your MSP tenant; as a result, technicians will have access to all created customer tenants by default.
  2. You do not assign an Admin role to a technician, but delegate access to each customer tenant directly.

To assign an Admin role to a technician, please follow these steps.

  • Navigate to your MSP tenant admin portal at https://<your-msp-domain>.idemeum.com/adminportal
  • Access Users
  • Find the user record, click on ... and then choose Make admin

To delegate access to each customer tenant directly, please follow these steps.

Overview
idemeum MSP portal centralizes the control and management of multiple organizations from one dashboard. MSP admins can view top-level data for their managed organizations at-a-glance, or can access and directly manage each customer organization.

Configure customer tenant

Now we will configure the customer tenant for RADIUS.

  • Access your customer tenant with a mobile device. You can navigate directly to the customer tenant URL at customer-<your msp domain>.idemeum.com, or go to the Customers section of your MSP portal and click the link from there. You will need to log in with your mobile device.

Enable cloud directory for customer tenant

  • Navigate to your customer tenant admin dashboard and enable cloud directory
  • Access Users → User source and choose Local
  • Save the configuration

Create your customer users

Now you will create customer users so that they can use cloud credentials to authenticate to any RADIUS protected resource.

For example, here I create a new user record for Mike:

  • Provide First name and Last name
  • Enter Company email address / UPN
  • Username field will be automatically populated. You can change it if necessary.
  • Idemeum password will be automatically generated. You can change it if necessary.

Set up RADIUS application

Now we will set up RADIUS application for your customer tenant.

  • Navigate to Applications. Click Add app then choose Catalog app
  • In the search bar search for RADIUS
  • We have pre-configured two generic RADIUS applications - one for VPN and one for Wi-Fi. Let's configure one for Wi-Fi. Click Add app next to the Wi-Fi RADIUS application.
  • There are very few parameters to configure:
    • Public IP address - the IP address from which RADIUS requests will reach idemeum cloud. In other words, this is the external IP address of your router's WAN interface, where the requests will come from. You can specify a single IP address (e.g. 8.8.8.8) or a CIDR block (e.g. 8.8.8.0/24).
    • Shared secret - secret that is used by your integrating devices to connect to idemeum cloud RADIUS server (Wi-Fi access points, VPN gateways, etc.)
    • Authentication mode - how users will be authenticated to RADIUS application. For this guide we are choosing Passwordless MFA
  • Save the application configuration
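
A pre-flight check for the Public IP address and Shared secret values above, as an added example that is not part of the idemeum documentation. The function names, the /24 breadth threshold and the 32-character alphanumeric secret are assumptions made for illustration, and it assumes you choose the shared secret yourself.

```python
import ipaddress
import secrets
import string

# Assumption: a /24 is the broadest source range accepted without a warning.
MIN_PREFIX_LEN = 24


def generate_shared_secret(length=32):
    """Return a random alphanumeric shared secret drawn from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def check_source_entry(entry, wan_ip):
    """Return a list of problems with a 'Public IP address' value.

    entry  -- single IP or CIDR block as typed into the RADIUS application
    wan_ip -- external address of the router WAN interface
    """
    try:
        # strict=True rejects CIDR blocks with host bits set (e.g. 8.8.8.8/24)
        net = ipaddress.ip_network(entry.strip(), strict=True)
    except ValueError as exc:
        return ["not a valid IP or CIDR block: %s" % exc]
    wan = ipaddress.ip_address(wan_ip)

    problems = []
    if not net.network_address.is_global:
        # A LAN address of an access point never reaches a cloud service;
        # the service sees the WAN address after NAT.
        problems.append("entry is not a public address range")
    if net.version == 4 and net.prefixlen < MIN_PREFIX_LEN:
        problems.append("/%d is broader than /%d" % (net.prefixlen, MIN_PREFIX_LEN))
    if wan.version != net.version or wan not in net:
        problems.append("WAN address %s is not covered by %s" % (wan, net))
    return problems


if __name__ == "__main__":
    # Sample values are the ones used in the guide text above.
    print(check_source_entry("8.8.8.0/24", "8.8.8.8"))
    print(check_source_entry("192.168.1.1", "8.8.8.8"))
    print(generate_shared_secret())
```

An empty list means the entry is well-formed, public, no broader than the threshold, and covers the WAN address.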

Entitle users to RADIUS application

You have successfully configured the RADIUS application. Now you need to specify which users will have access to it, in other words, which users will be able to authenticate with Cloud RADIUS. For the sake of simplicity, we will give all users in the cloud directory access to this application.

  • Navigate to Entitlements menu
  • Click Add rule
  • Give rule a name
  • Choose Group for IF condition
  • Choose the built-in group All users
  • Click + sign to add an application
  • Select the newly created RADIUS application
  • Save the entitlement rule

Set up your infrastructure

Now you need to set up the infrastructure to connect to the idemeum cloud RADIUS server. For instance, you can configure a Ubiquiti Dream Machine to authenticate one of the Wi-Fi networks with idemeum Cloud RADIUS. Typically you will need the idemeum Cloud RADIUS IP address and the shared secret that we generated in the previous step.

IP address for idemeum Cloud RADIUS can be found below.

RADIUS service details
Technical information about idemeum Cloud RADIUS service.

Some integration guides that we certified for RADIUS.

Cloud RADIUS Integrations - idemeum documentation
idemeum is a single place to manage access to applications, desktops, and infrastructure without passwords. Leverage RFID badges or Passwordless MFA.

Test user login flow

Now any user who exists in the customer tenant cloud directory can access a RADIUS resource with idemeum cloud credentials. For instance, a user connects to the Wi-Fi network, is prompted for a username and password, enters idemeum cloud credentials, and gets connected.


Questions?

If you have any questions, join our Discord chat and we can help you.