PIN Authentication

GreenRADIUS offers the ability to use a PIN instead of an LDAP password or as an additional authentication factor when this premium feature is enabled. PINs can be set per user, and the policy to use a PIN can be configured for each RADIUS client served by GreenRADIUS.

The first step is to enable PIN authentication for the desired RADIUS client. On the RADIUS Clients tab in the web admin interface, when adding a new RADIUS client or when editing an existing one, the "Multi-Factor Policy" can be selected from the dropdown list:

Authentication mode

From this list, admins can select to use standard LDAP password authentication ("Password + OTP"), to use the PIN in addition to the LDAP password ("Password + PIN + OTP"), or to exclude the LDAP password entirely and use PIN authentication alone ("PIN + OTP").

When the PIN feature is enabled, an extra column labelled "PIN Status" will display next to each user in the Users/Domains tab:

User view with PIN

From here, admins can select a user and click "Set/Update PIN" to change the PIN for the user:

Pin setting

Users can also set their own PINs from the Self-Service Portal by clicking the "Assign/Change PIN" button. Once authenticated, users will be prompted to enter a new PIN:

Self service pin setting

Note that PINs must have a certain length based on a PIN length policy. This is set to 8 digits by default, but can be changed in the Global Configuration tab under the General heading:

Pin length config

Note: This PIN feature is only available for applications and services configured as RADIUS clients in GreenRADIUS.

[NGS](./non-gui-settings.md)

Web Analytics Made Easy -
StatCounter

Updated 2020-06-04
© 2020 Green Rocket Security Inc. All rights reserved.