How to integrate AAF with Leostream

ISSUE:

Leostream supports MFA using Radius.
The following How-To describes the steps to implement Radius MFA using AAF. 

HOW TO STEPS:

1) Configure the Smartphone method so that the TOTP method is also enrolled when a user enrolls Smartphone.

Additionally, you may re-configure the TOTP step setting to give the users more time to enter the TOTP code.

2) Configure a new Chain TOTP and assign the user groups

3) Configure a new Event RadiusLeostream with the TOTP chain, and put Radius into the Endpoints whitelist.

4) Configure Radius Policies, add the IP of the Leostream Broker to the clients and specify the shared secret.

Additionally, you may configure Event- and Chain-selection rules based on the NAS-IP-Address of the Leostream Broker (this might be useful if you have other services integrated with Radius).

5) Configure AAF as MFA Provider in the Leostream Admin console

6) Assign AAF MFA to your Authentication Server

You have successfully implemented Radius MFA using AAF. 
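
The optional TOTP step change mentioned under step 1, shown as an added example that is not part of the original how-to and is not AAF code: a generic RFC 6238 implementation that measures how long a displayed code stays accepted for a given time step and acceptance window. The parameter names `step` and `window` are assumptions rather than AAF setting names, and the secret and timestamp are RFC 6238 test values.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at` with the given time step."""
    counter = int(at) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret, code, now, step=30, window=0, digits=6) -> bool:
    """Accept `code` for the current step or up to `window` steps either side."""
    counter = int(now) // step
    for delta in range(-window, window + 1):
        candidate = totp(secret, (counter + delta) * step, step, digits)
        if hmac.compare_digest(candidate, code):  # constant-time comparison
            return True
    return False

def seconds_accepted(secret, issued_at, step, window=0, horizon=600) -> int:
    """Seconds for which a code shown at `issued_at` keeps being accepted."""
    code = totp(secret, issued_at, step)
    elapsed = 0
    while elapsed < horizon and verify(secret, code, issued_at + elapsed, step, window):
        elapsed += 1
    return elapsed

SECRET = b"12345678901234567890"  # RFC 6238 test secret, not a real enrollment
ISSUED = 1111111109               # RFC 6238 test time, 29 s into a 30 s step

if __name__ == "__main__":
    # Compare the default step with a longer step and with a +/-1 step window.
    for step, window in [(30, 0), (60, 0), (30, 1)]:
        secs = seconds_accepted(SECRET, ISSUED, step, window)
        print(f"step={step}s window={window}: accepted for {secs}s")
```

A longer step or a wider window also lengthens the time during which an observed code can be replayed, so increase it only as far as users need.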
