Skip to main content


RADIUS configuration

In this post we will take a look at idemeum RADIUS application configuration.

Need end to end guide?

We have published end-to-end quick-start guides so that you can set up idemeum RADIUS integration for Wi-Fi or VPN with username / password, or Passwordless MFA login.

Quick-start guides
This section contains guides on how to deploy, configure, and manage idemeum in a wide range of contexts.

Looking for integration guide?

We have certified some RADIUS integrations and created the integration guides for them.

Cloud RADIUS Wi-Fi and VPN - idemeum documentation
idemeum is a single place to manage access to applications, desktops, and infrastructure without passwords. Leverage RFID badges or Passwordless MFA.


RADIUS integration in idemeum is represented as an application. We have created two RADIUS applications - one for Wi-Fi and one for VPN. You navigate to Applications section, create a Radius application, configure it, and then decide which of your users will have access to this application. For instance, you can control what users can login to Wi-Fi with cloud credentials, or what groups of users can connect to VPN with Passwordless MFA.

RADIUS application configuration

Basic settings

  • Navigate to your customer admin portal → customer-<your msp domain>
  • Choose Applications in the left menu
  • Click Add app then Catalog app
  • Then search for radius in the search bar, choose Wi-Fi or VPN RADIUS application and click Add app
  • Now you can set up the configuration options for your RADIUS application
    • Public IP address - enter the IPv4 address of where the requests will be coming from. Typically this is your WAN / Public IP address of the router.
    • Shared secret - secret that protects the communication between your Wi-Fi or VPN NAS. You will need this value when you set up the integration with your infrastructure.
    • Authentication mode - choose how your users will be authenticated to Cloud RADIUS, i.e. password, MFA, etc.

Advanced settings (optional)

We support an advanced use case where you can configure both VPN and Wi-Fi RADIUS integrations where requests will be originating from the same public IP address. For this to work, we still need to differentiate the RADIUS requests, as a result we will need to rely on the NAS IP Address. Typically this will be the internal IP address of your integrating device, i.e internal IP address of VPN gateway.

  • Expand the Advanced settings menu
  • Add the NAS IP addresses for the RADIUS integrating products
Sending NAS IP address needs to be supported by your application. Some integrating devices might not support this feature. Check the documentation of your VPN and W-Fi products.
  • Save the configuration

Entitle RADIUS application

Now you need to configure who will have access to this RADIUS application. You can entitle application directly to users, or can leverage idemeum groups for that. For example, if you want to entitle your RADIUS application to all users:

  • Navigate to Entitlements
  • Create a new rule and provide a rule name
  • Choose Group for IF condition
  • Select All users group
  • Choose the RADIUS application that you created


Drop us a note in Discord chat if you have any questions.