This document explains how to integrate inWebo with Rubycat PROVE IT via inWebo RADIUS.

Prerequisites

  • An administrator access to your PROVE IT web admin console

  • An administrator access to your inWebo account

  • Allow UDP traffic in port 1812 from PROVE IT to inWebo RADIUS server

Configuration

To integrate inWebo with Rubycat PROVE IT via inWebo RADIUS, you should make configurations on the PROVE IT side (configure Authentication Server, Authentication Realm, user role and Access Policy) and on the inWebo side (configure inWebo RADIUS connector).

PROVE IT Authentication Server

Navigate to authentication tab and select Authentication menu 

Une image contenant texte  Description générée automatiquement

Click on Add new server and select RADIUS as a type. Make sure to select Push notification as authentication mode.

Configure Host name with inWebo RADIUS:  radius-a.myinwebo.com (95.131.139.137)

and Port with 1812. Change the default timeout to 20sec and Max retries to 3.

The parameters NAS identifier and NAS IP are optional

Whether you need to set a secondary RADIUS, you might use the secondary inWebo RADIUS: radius-b.myinwebo.com (217.69.22.59)

Fill out the share secret. This information will be shared with inWebo server through inWebo RADIUS connector.

PROVE IT Authentication Realm

Change an existing Realm or create a new one.

Une image contenant table  Description générée automatiquement

Click on New realm and optionally configure it as the Default Realm

Select the Authentication server created previously as the First authentication server or as the Second authentication server. 

The user experience will be different if inWebo RADIUS is selected either as a first or second Authentication server.

When inWebo RADIUS server is setting up as a Second authentication server, the first authentication might be PROVE IT-interne or LDAP.

PROVE IT user role

You can change an existing user Role or create a new one. Navigate to Authorization tab and select Role in the Users menu

Click on Add new role

Select the real created / modified previously and search for one or more user group / user to map with that role. Add them to the Selected groups or Selected user columns.

PROVE IT Access policy

Change an existing user Role or create a new one. Select Access policies in the menu Users.

Une image contenant texte  Description générée automatiquement

Click on Add new policy

Select the role configured previously

Select the desired services

Une image contenant texte  Description générée automatiquement

Click on Next. Optionally configure a Filter and Submit.

inWebo RADIUS Connector

Log in to the inWebo administration console http://www.myinwebo.com/console .

Navigate to Secure site tab > Connector and add a connector of type RADIUS Push.

Fill out IP address with PROVE IT public IP address and the RADIUS secret with the share secret previously defined in step 2.

Please note that any configuration / update of inWebo RADIUS Push connector will be applied within the hour".

User Experience

InWebo RADIUS as the First authentication Server

When connecting with a SSH or RDP client, the user will enter a random character and then must authorize the authentication request on inWebo Authenticator (Mobile or Desktop) 

InWebo RADIUS as the Second Authentication Server

When connecting with a SSH or RDP client, the user will enter his password (local or AD) and then must authorize the authentication request on inWebo Authenticator (Mobile or Desktop)