How to Set Up RADIUS Authentication with Google

Intro

It is becoming more important than ever for organizations to make the transition from antiquated pre-shared key authentication methods to RADIUS-based, 802.1x authentication for their wireless networks. However, many can find the difficulties when integrating to a WPA2-Enterprise system when attempting to use a cloud directory.

A major challenge is enrolling users for 802.1x authentication without Active Directory. In response, SecureW2 has developed a solution that can provide organizations with a WPA2-Enterprise network regardless of the directory in use. SecureW2’s JoinNow onboarding software allows end users to easily enroll themselves for certificate authentication with a simple Single Sign-On (SSO) that’s compatible with Google.

In the past, certificates had been used sparingly, but as technology has progressed and cyber crime activity has increased, they have become a staple for network authentication.  Certificates are a substantial upgrade for network security and allow for a far superior user experience. Proper use of certificates can completely eliminate the threat of Man in the Middle Attacks and password based headaches.

SecureW2 allows certificates to be used easily through our #1 rated onboarding software along with a host of awesome certificate management features with our cloud portal.  This guide will show you how to set up RADIUS authentication with Google, so you can take advantage of a maximum grade security network.

 

How RADIUS Authentication Works at a High Level

Create an Identity Provider in SecureW2

Creating an IDP in SecureW2 tells our 802.1x onboarding software and Cloud RADIUS server how to connect to your Google IDP so SecureW2 can verify user credentials, issue certificates that can be authenticated by our RADIUS server.

To create an IDP in SecureW2:

  1. From your SecureW2 Management Portal, go to Identity Management > Identity Providers.
  2. Click Add Identity Provider.
  3. For Name, enter a name.
  4. For Description, enter a description.
  5. Click the Type dropdown and select SAML.
  6. Click the Saml Vendor dropdown and select Your chosen vendor.
  7. Click Save.

Setting up RADIUS Authentication with G-Suite / Google Apps

Creating a SAML Application in Google Apps

  1. Login to Google Admin Console
  2. Click Apps and select SAML Apps
  3. A yellow circle will appear in the bottom right corner (when you hover over it, you will read Enable SSO for a SAML Application), click on it
  4. Click Set Up My Own Custom App
  5. Download the IDP metadata
    1. We will add the metadata from Google Apps

  1. Navigate to the Identity Provider SecureW2 page, and click on the Configuration tab
  2. Under Identity Provider (IDP) Info, click Choose File
  3. Choose the downloaded metadata file, and then click Upload and then Update
  4. Navigate to the Google SAML App Setup
  5. Enter the basic information for your app in step 3 (Application Name, Description) and then click Next
  6. Step 4 requires an ACS URL and EntityId from the SecureW2 Management Portal
  7. Navigate back to the SW2 Management Portal and copy the ACS URL and EntityId from the Identity Provider section, and paste it into the Service Provider Details of the Google SAML App Setup
  8. Check the box for Signed Response in the Google Admin page, click Next and Finish

Setting up RADIUS Authentication with G-Suite / Google Apps

Now, you need to enter in the RADIUS information. For this guide we are using a Meraki Access Point to show how Cloud RADIUS integrates with an access point. However, Cloud RADIUS is vendor neutral and works with any Enterprise AP vendor.

 

  • Under Wireless, select Access control
  • Under Network access change it from the default value of Open (no encryption) to WPA2 Enterprise with “my RADIUS server”
  • For the WPA encryption mode, select WPA2 only
  • In the Splash page section, leave it set to None (direct access)

 

You can find the details about your Cloud RADIUS when you go to AAA Management and AAA Configuration. Here you will see a Primary IP Address, Secondary IP Address, Port Number and a Shared Secret.

 

  • Copy the Cloud RADIUS information and paste it back into your Access Point Provider under RADIUS Servers, click the green link to Add a server
  • Enter in the Primary IP Address, Port Number, Shared Secret respectively
  • You will need to perform the same steps for the Secondary IP Address by entering the Secondary IP Address, Port Number, Shared Secret
  • Scroll down and click Save changes

RADIUS Authentication with Google SAML and SecureW2

Using SecureW2, your organization can have a top of line RADIUS-backed network fully functional in a matter of hours. Plus an amazing support team that is ready to assist you with any help you may need. We easily work with all SAML providers to eliminate any headaches usually associated with integration. We have affordable solutions for organizations of all sizes; check out our pricing here to see if we can be of service.

 

The post How to Set Up RADIUS Authentication with Google appeared first on SecureW2.


*** This is a Security Bloggers Network syndicated blog from SecureW2 authored by Eytan Raphaely. Read the original post at: https://www.securew2.com/blog/radius-authentication-google/