Last updated on March 26, 2024
Network Policy Server (NPS) is a RADIUS server and proxy that comes as an in-built feature in Windows Server 2016 and 2019.
Administrators can set up NPS as a RADIUS server to authenticate using local domain user credentials or a RADIUS proxy to forward connection requests to another RADIUS server.
Why Do Administrators Want an NPS Alternative?
With the growing popularity of Multi-Factor Authentication (MFA), more and more organizations want to introduce MFA to their user’s daily login flow. NPS does not come with MFA capabilities on its own, so a usual solution is to integrate NPS with another Microsoft product – Azure AD.
NPS needs another product to put MFA in place. To use Azure AD MFA with NPS, you need to install the NPS extension and then sync the extension to Azure AD using Azure AD Connect.
When set up as a RADIUS server, NPS performs authentication for the local domain and for domains that trust the local domain. NPS uses Active Directory Domain Services or Security Account Manager for that.
It is very tricky if not impossible to make NPS act as a RADIUS server and work in an environment that does not use Microsoft products. But there is a way around it. You can configure NPS to work as a RADIUS proxy. Then, NPS connects to a separate RADIUS server. If that separate RADIUS server supports other products and environments, then you are not limited to just users from the local domain. However, if you want to also deploy MFA on top of all that, you still need Azure AD, and the configuration may get confusing and difficult.
What Are the Alternatives to NPS?
FreeRADIUS is a free RADIUS server alternative to NPS. Similarly to NPS, FreeRADIUS does not have any MFA capabilities on its own. If you want to enable MFA for your logins, FreeRADIUS is not enough to make it work. You need another tool for that.
Enter Rublon Authentication Proxy, an on-premises RADIUS proxy server that empowers you to add secure MFA to any service (VPN, router, application) that supports the RADIUS authentication protocol.
No local domain limitation, no weird RADIUS group configurations. Just deploy the Rublon Authentication Proxy on your Windows Server or Linux and configure the Rublon Authentication Proxy to pull users from one of the supported identity providers: OpenLDAP, FreeIPA, FreeRADIUS, or Active Directory.
Rublon Authentication Proxy is a versatile product that acts as a RADIUS proxy, which means that you can integrate it with any other product that uses RADIUS for authentication. Integrating services with the Rublon Authentication Proxy is a short and easy process that often involves as little as simply providing the IP address of your Rublon Authentication Proxy and the RADIUS Secret in your service’s configuration admin panel.
It takes only a few minutes to create an organization in the Rublon Admin Console and install Rublon Authenticator on your smartphone.
Why Get Rublon Authentication Proxy
Learn why Rublon Authentication Proxy is a good NPS alternative.
Low Cost
Rublon Authentication Proxy costs only 2 USD per user per month. And for this one dollar, you also get all other Rublon products. Forget expensive Azure AD licenses. You can test Rublon for a month, and this one month is completely free of charge.
In-Built MFA
If you want to deploy MFA for NPS, you need to pay for Azure AD. Rublon Authentication Proxy already comes with an in-built MFA.
Support for Linux
You can deploy Rublon Authentication Proxy on a Linux machine and save money on Windows Server licenses.
Support for Append Mode
Append Mode allows you to choose your authentication method by appending a short string value to your password when logging in to an integrated service.
Support for Several Authentication Methods
Rublon Authentication Proxy supports three authentication methods, two of which use the power of the Possession Factor in the form of the Rublon Authenticator mobile app installed on the users’ smartphones.
Rublon Authenticator gives you easy, one-tap authentication with Mobile Push and a Biometric Lock, which combines the Possession Factor and the Inherence Factor to provide top-notch security for your workforce.
With Rublon Authenticator, you can also use Mobile Passcode – software tokens based on the TOTP standard.
Email Link are also supported.
Support for Multiple Identity Provider Servers
One of the handy features of NPS is that you can use more than one RADIUS server.
Rublon Authentication Proxy allows you to define one or more RADIUS or LDAP (incl. Active Directory) servers in the configuration file.
If your first server does not respond or is down, Rublon Authentication Proxy will use the second backup server.
Support for Non-PAP Authentication Protocols
Rublon Authentication Proxy uses the PAP protocol by default. You can change that with one parameter in the configuration file.
Rublon Authentication Proxy can proxy the authentication request to the RADIUS server (e.g., FreeRADIUS), and therefore make protocols such as CHAPv1, MS-CHAPv2, or EAP-MS-CHAPv2 work.
Start Your Free Rublon Trial Today
Test Rublon Authentication Proxy for free for 30 days to see if it fits your organization’s requirements. Start the Free Trial by signing up to the Rublon Admin Console.
