Last updated on February 6, 2025
Overview
Supported Authentication Methods
Before you start
Configuration
4. Navigate to Virtual Services → Manage SSO, and fill in the Add new Client Side Configuration field with the name of your new SSO configuration. Afterwards, click Add to create a new Client Side Configuration.
5. Select RADIUS in the Authentication Protocol drop-down list.
6. Enter the address of your Rublon Authentication Proxy in the RADIUS Server(s) field. Confirm by clicking the Set RADIUS Server(s) button.
7. Enter the RADIUS Secret set in Rublon Authentication Proxy as the RADIUS Shared Secret, and confirm by pressing the Set Shared Secret button.
8. Set Logon Format (Phase 1 RADIUS) to Username Only.
9. You can optionally enable Send NAS Identifier. It’s disabled by default. If you enable it, a NAS identifier string is sent to the RADIUS server. This string is set to hostname by default. If you check Send NAS Identifier, a RADIUS NAS Identifier field will appear, and you will be given an opportunity to specify the value to be used as the NAS identifier. If the value is not specified, the hostname is used.
Other settings depend on your preferences. If you would like to learn more, please visit this page.
10. Navigate to View/Modify Services, and click the Modify button. Extend ESP options.
11. Check Enable ESP, and fill in the required data.
12. Set Client Authentication Mode to Form Based. Set the SSO Domain you have created before, and finally specify the Allowed Virtual Hosts, Allowed Virtual Directories and Server Authentication Mode according to your configuration. If you would like to learn more about the ESP configuration, please visit this page.
13. Your configuration is complete. Your users have 2FA enabled when logging in to their Virtual Service.
Log in to Kemp with Rublon 2FA
1. Run Kemp Virtual Service. As you can see in the picture below, the user has to provide the credentials from RADIUS.
