GreenRADIUS offers the ability to use a PIN instead of an LDAP password or as an additional authentication factor when this premium feature is enabled. PINs can be set per user, and the policy to use a PIN can be configured for each RADIUS client served by GreenRADIUS.
The first step is to enable PIN authentication for the desired RADIUS client. On the RADIUS Clients tab in the web admin interface, when adding a new RADIUS client or when editing an existing one, the "Multi-Factor Policy" can be selected from the dropdown list:
From this list, admins can select to use standard LDAP password authentication (
"Password + OTP"),
to use the PIN in addition to the LDAP password (
"Password + PIN + OTP"), or to exclude the LDAP password
entirely and use PIN authentication alone (
"PIN + OTP").
When the PIN feature is enabled, an extra column labelled "PIN Status" will display next to each user in the Users/Domains tab:
From here, admins can select a user and click
"Set/Update PIN" to change the PIN for the user:
Users can also set their own PINs from the Self-Service Portal by
"Assign/Change PIN" button. Once authenticated,
users will be prompted to enter a new PIN:
Note that PINs must have a certain length based on a PIN length policy. This is set to 8 digits by default, but can be changed in the Global Configuration tab under the General heading:
Note: This PIN feature is only available for applications and services configured as RADIUS clients in GreenRADIUS.
© 2020 Green Rocket Security Inc. All rights reserved.