Rubycat PROVE IT - inWebo RADIUS integration
This document explains how to integrate inWebo with Rubycat PROVE IT via inWebo RADIUS.
An administrator access to your PROVE IT web admin console
An administrator access to your inWebo account
Allow UDP traffic in port 1812 from PROVE IT to inWebo RADIUS server
To integrate inWebo with Rubycat PROVE IT via inWebo RADIUS, you should make configurations on the PROVE IT side (configure Authentication Server, Authentication Realm, user role and Access Policy) and on the inWebo side (configure inWebo RADIUS connector).
PROVE IT Authentication Server
Navigate to authentication tab and select Authentication menu
Click on Add new server and select RADIUS as a type. Make sure to select Push notification as authentication mode.
Configure Host name with inWebo RADIUS: radius-a.myinwebo.com (18.104.22.168)
and Port with 1812. Change the default timeout to 20sec and Max retries to 3.
The parameters NAS identifier and NAS IP are optional
Whether you need to set a secondary RADIUS, you might use the secondary inWebo RADIUS: radius-b.myinwebo.com (22.214.171.124)
Fill out the share secret. This information will be shared with inWebo server through inWebo RADIUS connector.
PROVE IT Authentication Realm
Change an existing Realm or create a new one.
Click on New realm and optionally configure it as the Default Realm
Select the Authentication server created previously as the First authentication server or as the Second authentication server.
The user experience will be different if inWebo RADIUS is selected either as a first or second Authentication server.
When inWebo RADIUS server is setting up as a Second authentication server, the first authentication might be PROVE IT-interne or LDAP.
PROVE IT user role
You can change an existing user Role or create a new one. Navigate to Authorization tab and select Role in the Users menu
Click on Add new role
Select the real created / modified previously and search for one or more user group / user to map with that role. Add them to the Selected groups or Selected user columns.
PROVE IT Access policy
Change an existing user Role or create a new one. Select Access policies in the menu Users.
Click on Add new policy
Select the role configured previously
Select the desired services
Click on Next. Optionally configure a Filter and Submit.
inWebo RADIUS Connector
Log in to the inWebo administration console http://www.myinwebo.com/console .
Navigate to Secure site tab > Connector and add a connector of type RADIUS Push.
Fill out IP address with PROVE IT public IP address and the RADIUS secret with the share secret previously defined in step 2.
Any modification made to your radius configuration will be applied within the next 15 minutes.
InWebo RADIUS as the First authentication Server
When connecting with a SSH or RDP client, the user will enter a random character and then must authorize the authentication request on inWebo Authenticator (Mobile or Desktop)
InWebo RADIUS as the Second Authentication Server
When connecting with a SSH or RDP client, the user will enter his password (local or AD) and then must authorize the authentication request on inWebo Authenticator (Mobile or Desktop)