Modern RADIUS Authentication Solutions

Our platform as a whole is compatible with both SAML and LDAP; however, they are used in different capacities.

SAML (Security Assertion Markup Language) is designed for cloud environments such as cloud directories and is perfect to use for modern authentication methods that include certificate-based authentication. In the workplace, SAML is a protocol that enables users to log in to several apps with a single set of credentials. You may use your corporate IDP identity to log in by utilizing standards based on XML. By doing this, you will be able to use many more applications without having to re-enter your credentials.

OAuth is an SSO for consumers in general, and SAML is essentially the protocol used as an SSO for enterprise-level applications. Using OAuth, an authorization server can grant access tokens to third-party clients with the resource owner's consent. Then, the resource server's protected resources can be accessed by the third party using the token.

Cloud RADIUS, as a cloud-based RADIUS server, uses OAuth for communication to authenticate users for services such as VPN, web applications, Wi-Fi, Single-Sign-On, and more.

LDAP is a relatively older language that is used traditionally for on-prem servers for credential-based authentication. SecureW2 can use LDAP to enroll a user or machine for a certificate. It, however, does not use LDAP to authenticate or authorize users as Cloud RADIUS has moved towards certificate-based authentication.

To conclude, Cloud RADIUS can use LDAP for certificate enrollment, however, for authentication or authorization processes, it relies on OAuth as it is compatible with modern cloud environments and ideal for certificate-based authentication. SAML is used by our platform to authenticate BYODs and unmanaged devices at the time of certificate enrollment.

Yes. Cloud RADIUS was designed from the ground up for passwordless certificate authentication. In order to deploy digital certificates for secure access, you also need a Public Key Infrastructure (PKI). Most organizations with high-security requirements require a PKI, as it’s a foundational system for a Zero Trust environment, and it enables passwordless authentication for Wi-Fi, VPN, Application Security, and much more.

SecureW2 offers an intuitive, easily deployable PKI that pairs with Cloud RADIUS. We also offer self-service certificate enrollment for unmanaged devices and BYODs and zero-touch configuration and enrollment for managed company-owned devices through our managed device gateway APIs.

Credential-based network authentication protocols, such as PEAP-MSCHAPv2, put your network at unnecessary risk. Credentials are easily stolen through attack vectors such as phishing attacks and sometimes stolen over-the-air if your authentication protocol is compromised due to outdated hashing algorithms.

Beyond that, there’s the end-user experience to consider. With credential-based network authentication, end users are disconnected from the network every time they reset their password or their password expires. It’s also frustrating having to enter your password in repeatedly to connect to your network.

EAP-TLS, on the other hand, uses asymmetric cryptography to generate certificates for mutual authentication. Rather than sending passwords over-the-air, users and devices are verified with the use of digital certificates. Not only does this make EAP-TLS the more secure option of the EAP methods, but it takes fewer steps to complete the mutual authentication process, resulting in a faster authentication speed.

While it is possible to build an on-premise RADIUS server with options such as Microsoft’s NPS, the costs for doing so are high. Building and maintaining your own RADIUS server requires time, money, and expertise that can all add up quickly. If you have multiple office locations that need RADIUS for authentication, the costs increase exponentially as you recreate your RADIUS servers at every location.

A Cloud RADIUS service mitigates all of these issues. Because it is cloud-native, users can authenticate to it from any location, even offices located all over the globe. Additionally, SecureW2 has experience deploying Cloud RADIUS for organizations of all sizes, so you can rely on our expertise without needing to hire a RADIUS expert of your own.

Building a RADIUS server on your own requires you to invest in infrastructure, security to protect that infrastructure, licensing fees from the software you use, and the salaries of the employees involved. It’s not impossible, but done correctly, it is a costly venture.

Cloud RADIUS is already built and since it is cloud-based, it can be deployed anywhere. Since you don’t need to replicate its hardware and security at every office location, you save money spent on duplicating on-premise RADIUS servers. You also don’t need to bring on an experienced RADIUS expert, as we are a fully managed service. We offer SLAs up to 99.999%, and anytime you feel there could be a network-related issue, our top-rated support team is here to help.

We have heard from many organizations that have set up their own RADIUS servers in the cloud and found it difficult to maintain their infrastructure. Popular options for RADIUS servers such as NPS often don’t integrate with other popular infrastructure such as Azure AD (Entra ID). Setting up the infrastructure correctly takes a tremendous investment and has ongoing costs you don’t need to shoulder.

A managed RADIUS service like our Cloud RADIUS server allows you to deploy RADIUS in the cloud within an hour without any need for massive forklift upgrades, making it more cost effective. It was designed to seamlessly integrate with your existing infrastructure, including popular Identity Providers like Microsoft Azure AD, Google, and Okta. Cloud RADIUS also integrates with all major wireless access points and MDMs.