Okta® has dabbled in providing RADIUS authentication services for a while now. It seems that Okta provided a cloud RADIUS offering many years ago but then moved in a different direction. That said, it appears that they may have resurrected their RADIUS offering with an on-prem RADIUS agent that IT organizations need to install on a Windows® server. Unfortunately, the solution that Okta appears to have come up with is far from the cloud-based RADIUS infrastructure that most IT admins envision.
RADIUS, Directories, and VLANs in the Cloud
Ideally, the RADIUS infrastructure that IT organizations are searching for enables them to offload the entire process of implementing, configuring, and securing FreeRADIUS to a third party. Unlike with Okta, there would be no RADIUS server on-prem. The solution would then be available from the cloud and accessible anywhere. Further, because RADIUS requires integration with an identity provider, often Microsoft® Active Directory® or OpenLDAP™, that process should be offloaded as well. For sophisticated, security-minded organizations, there is one final piece to this equation. The option to leverage VLANs (virtual local area networks) to place users in the proper VLAN segments represents another critical feature that should be implemented and delivered from the cloud.
Typical RADIUS Use Case
For most organizations, the use case surrounding RADIUS has to do with stepping up their WiFi and VPN security. The reasons they’re seeking to accomplish this are simple. Most organizations simply utilize a shared SSID and passphrase for WiFi, which leaves them vulnerable to attack. Conceptually, a simple way to increase security is to require users to authenticate with their core identity, that is, the identity they use to log in to their workstations. It’s unique to them, and nobody else should know it. The challenge with this approach is that it requires a number of moving parts for IT organizations, including a FreeRADIUS server, integration with an IdP, and then endpoint configuration. For busy IT admins, that’s a lot of work.