Page History

Indeed AM NPS RADIUS Extension (RADIUS Extension) is an extension for  Microsoft Network Policy Server (NPS, is a part of Windows Server). It allows for implementation of two-factor authentication for RADIUS-compatible services and applications.

Installation of Network Policy Server

1. Run Add Roles and Features Wizard.
2. Select Network Policy and Access Services role from the role list and confirm installation of additional components.Image Added
3. Select Network Policy Server from the Role services list.Image Added
4. Click

1. “Install” in the

1. “Confirm installation of

1. components” window.

Configuration of NPS server.

1. Run Network Policy Server.

2. Add your VPN server to RADIUS clients. (Right-click RADIUS - Clients

1. → New document).

1. Info
   If using CHAP authentication, it is necessary to activate the

1. “Store the password using reversible

1. encryption” in the user account parameters and update user password.

   
   

2. Configure the new client.
   1. Add the name for your VPN server (1).
   2. Specify the IP address of your VPN server (2).

   3. Define the private key to connect to server (3).

      Info
      The common private key is defined at the server and at the client upon connection.

      Image Added

3. Add a network policy for Radius client connection.Image Added

Installation of Indeed NPS RADIUS Extension

1. Install

1. NPS RADIUS by running

1. Indeed.

1. AM.RADIUS.Extension-x64.

1. msi

1.  installer.
2. Modify the following parameters

1. in HKEY_LOCAL_MACHINE\SOFTWARE\Indeed-ID\AuthProxy section:
   1. ServerUrlBase parameter. This parameter defines the URL of your Indeed server.

   2. IsIgnoreCertErrors parameter. Specify the value of 0 or 1. 

      Info
      This parameter is intended to verify the Indeed server certificate. Value of 1 means that certificate errors are ignored.

      
      

   3. AppId parameter with the value of NPS RADIUS Extension.Image Added

Policy configuration

Challenge\Response: message to user

The policy makes it possible to define the message that is displayed to user upon the second factor prompt.

Configuration of customized login methods for specified user groups.

1. Open the

1. “Configure login methods for user

1. groups” for editing.
2. Enable (1) the parameter and edit the contents (2).
3. Add the "distinguishedName" attribute value of your user group to the

1. “Value name” parameter.

2. Paste the key of the provider used to

1. “Value” parameter.

   Info
   {EBB6F3FA-A400-45F4-853A-D517D89AC2A3} - SMS OTP {093F612B-727E-44E7-9C95-095F07CBB94B} - EMAIL OTP {0FA7FDB4-3652-4B55-B0C0-469A1E9D31F0} - Software OTP {AD3FBA95-AE99-4773-93A3-6530A29C7556} - HOTP Provider {CEB3FEAF-86ED-4A5A-BD3F-6A7B6E60CA05} - TOTP Provider {DEEF0CB8-AD2F-4B89-964A-B6C7ECA80C68} - AirKeyProvider

   Image Added

   Image Added

User group caching

The policy enables user group caching for RADIUS authentication and makes it possible to define the cache update rate.

User name configuration

The policy allows you to configure usage of domain NetBIOS name in case the username is specified without the domain. To enable the policy, activate the following parameter:  “Use domain NetBIOS name if username is specified without

it”.