PIN Authentication

GreenRADIUS offers the ability to use a PIN instead of an LDAP password or as an additional authentication factor when this premium feature is enabled. PINs can be set per user, and the policy to use a PIN can be configured for each RADIUS client served by GreenRADIUS.

The first step is to enable PIN authentication for the desired RADIUS client. On the Global Configuration tab > Client-based Authentication Policies screen, when adding a new RADIUS client or when editing an existing one, the "Multi-Factor Policy" can be selected from the dropdown list:

Authentication mode

From this list, admins can select to use standard LDAP password authentication (Password+Token), to use the PIN in addition to the LDAP password (Password+PIN+Token), or to exclude the LDAP password entirely and use PIN authentication alone (PIN+Token).

When the PIN feature is enabled, an extra column labelled "PIN Status" will display next to each user in the Users/Domains tab:

User view with PIN

From here, admins can select a user and click "Set/Update PIN" to change the PIN for the user:

Pin setting

Users can also set their own PINs from the Self-Service Portal by clicking the "Assign/Change PIN" button. Once authenticated, users will be prompted to enter a new PIN:

Self service pin setting

Note that PINs must have a certain length based on a PIN length policy. This is set to 8 digits by default, but can be changed in the Global Configuration tab under the General heading:

Pin length config

Note: This PIN feature is only available for applications and services configured as RADIUS clients in GreenRADIUS.

[NGS](./non-gui-settings.md)

Web Analytics Made Easy - StatCounter

Updated 2026-03-05
© 2026 Green Rocket Security Inc. All rights reserved.