Last updated on April 24, 2025
- “standard” – allows you to log in using a predefined secondary authentication method or using Append Mode.
- “challenge” – allows you to log in using Radius Challenge. Rublon Authentication Proxy will respond with the Access-Challenge packet and wait for the selected authentication method provided in the next request.
- “nocred” – allows you to log in to specific system integration. The NoCred Mode only performs secondary authentication and should be used with systems that prompt you for an extra authentication step after performing the first factor on its own (like Awingu).
Standard Mode
"proxy_servers": [
{
"name": "RADIUS-Server",
"type": "RADIUS",
"radius_secret": "test-radius-secret",
"ip": "0.0.0.0",
"port": 1812,
"mode": "standard",
"auth_source": "LDAP_1",
"auth_method": "push,email"
}
],
"auth_sources": [
{
"name": "LDAP_1",
"type": "LDAP",
...
}
]
- The mode option has been set to “standard” to enable the Standard Mode.
- The auth_source has been set to “LDAP_1” (which was configured in the “auth_sources” section) to make Rublon pull users from Active Directory during the first authentication factor. You can add more than one auth_source by providing a unique name for each.
- The auth_method option has been set to “push, email”, which means that Rublon will first try to use the Mobile Push authentication method as the second authentication factor. If Rublon does not succeed in using the Mobile Push method (e.g., the user hasn’t enrolled their Rublon Authenticator), the Email Link authentication method will be used instead.

Append Mode
"proxy_servers": [
{
"name": "RADIUS-Server",
"type": "RADIUS",
"use_append_mode": true,
...
}
]

Challenge Mode
"proxy_servers": [
{
"name": "RADIUS-Server",
"type": "RADIUS",
"radius_secret": "test-radius-secret",
"ip": "0.0.0.0",
"port": 1812,
"mode": "challenge",
"auth_source": "LDAP_1",
"auth_method": "push"
}
],
"auth_sources": [
{
"name": "LDAP_1",
"type": "LDAP",
...
}
]
- The mode option has been set to “challenge” to enable the Challenge Mode
- The auth_source has been set to “LDAP_1” (which was configured in the “auth_sources” section) to make Rublon pull users from Active Directory during the first authentication factor. You can add more than one auth_source by providing a unique name for each.
- The auth_method option has been set to “push”, which means that in case the method selected in the second step is not recognized, Rublon will send a Mobile Push authentication request to the user as the second authentication factor.

NoCred Mode
"proxy_servers": [
{
"name": "RADIUS-Server",
"type": "RADIUS",
"radius_secret": "test-radius-secret",
"ip": "0.0.0.0",
"port": 1812,
"mode": "nocred",
"auth_method": "push"
}
]
- The mode option has been set to “nocred” to enable the NoCred mode
- The auth_method option has been set to “push”, which means that in case the method selected in the second step is not recognized, Rublon will send a Mobile Push authentication request to the user as the second authentication factor.
- Note that the type option for this auth_source is not set in this case. This is because primary authentication is not performed in this mode.

- 123456(789) – a Passcode (6-digit TOTP code generated by Rublon Authenticator or 9-digit Bypass Code)
- push – a Mobile Push is sent to their phone; requires Rublon Authenticator
- email – an email message containing an Email Link is sent to their email address
- smsLink – an SMS Link is sent to their phone; requires a phone number to be configured
- phoneCall – Rublon makes a Phone Call and asks them to press any key
- <YubiKey OTP code> – the user inserts the YubiKey and presses the button on the key; the YubiKey OTP is typed and Enter is pressed automatically