Enable VPN users to sign in with Microsoft Entra ID credentials even when your VPN, firewall, or remote access gateway only supports RADIUS. With Rublon Authentication Proxy, you can connect RADIUS-based VPN access to Microsoft Entra ID for primary authentication and add Rublon MFA before access is granted.
Scenario
Your organization uses Microsoft Entra ID as the central identity platform, but your VPN, firewall, or remote access gateway still authenticates users through RADIUS. Users already sign in to cloud services with Microsoft Entra ID credentials, but remote access still depends on legacy authentication infrastructure.
This is common in environments where VPN appliances, firewalls, and remote access systems support RADIUS broadly, but do not provide a direct practical Microsoft Entra ID integration through SAML, OAuth 2.0, or OpenID Connect.
Challenge
Many VPN deployments still rely on RADIUS servers backed by local Active Directory for primary authentication. This creates a problem for organizations moving toward an Entra-first or Entra-only identity strategy.
You may want users to sign in to VPN with Microsoft Entra ID credentials, but the VPN system expects a RADIUS server. At the same time, keeping local Active Directory, domain controllers, Microsoft NPS, and related infrastructure only for VPN authentication increases operational overhead and slows down Active Directory decommissioning projects.
Solution
Rublon Authentication Proxy acts as the RADIUS endpoint for your VPN or firewall and uses Microsoft Entra ID as the primary authentication source.
The VPN sends the RADIUS authentication request to Rublon Authentication Proxy. Rublon Authentication Proxy verifies the user’s primary credentials against Microsoft Entra ID and then enforces Rublon MFA before VPN access is granted.
This allows VPN users to authenticate with Microsoft Entra ID credentials while keeping the VPN configuration based on RADIUS. The protected VPN does not need to support Microsoft Entra ID natively.
Benefits
- Enable VPN access with Microsoft Entra ID credentials over RADIUS.
- Add Rublon MFA before remote access is granted.
- Reduce dependency on local Active Directory for VPN authentication.
- Keep RADIUS-based VPN and firewall configurations working.
- Support Entra-first and Entra-only identity strategies.
- Avoid keeping Microsoft NPS and domain controllers only for RADIUS-based VPN authentication.
- Protect VPN access even when the VPN appliance does not support SAML, OAuth 2.0, or OpenID Connect natively.