Move closer to an Entra-first identity architecture without breaking access to systems that still require LDAP or RADIUS. Rublon Authentication Proxy helps reduce dependency on local Active Directory by using Microsoft Entra ID as the primary authentication source for legacy access while adding Rublon MFA to the same login flow.
Scenario
Your organization is moving from a hybrid Active Directory environment toward Microsoft Entra ID as the primary identity platform. The goal is to reduce or retire local Active Directory, domain controllers, and related identity infrastructure.
However, some applications, VPNs, firewalls, network devices, Linux services, NAS platforms, and admin portals still depend on LDAP or RADIUS. These systems may prevent a full Active Directory decommissioning project because they still need a legacy authentication interface.
Challenge
Local Active Directory often remains in place because a small number of systems still require LDAP bind or RADIUS authentication. Even if most users and applications have moved to Microsoft Entra ID, these legacy dependencies can keep domain controllers, LDAP service accounts, LDAPS certificates, Microsoft NPS, and Windows Server infrastructure alive.
Microsoft NPS with the Microsoft Entra MFA extension can support RADIUS MFA, but the common NPS model still depends on Active Directory Domain Services (AD FS) for primary authentication. This may not fit organizations that want to reduce local AD dependency or move toward an Entra-only identity model.
Solution
Rublon Authentication Proxy allows LDAP and RADIUS systems to keep using the authentication protocols they already support while moving primary credential verification to Microsoft Entra ID.
Rublon Authentication Proxy receives LDAP or RADIUS authentication requests, checks the user’s primary credentials against Microsoft Entra ID, and enforces Rublon MFA before access is granted. It can run on Windows Server or Linux, including cloud-hosted infrastructure.
This gives organizations a practical path to reduce local Active Directory dependency without replacing every LDAP or RADIUS-based system first.
Benefits
- Support Active Directory decommissioning projects.
- Reduce reliance on local domain controllers for LDAP and RADIUS authentication.
- Use Microsoft Entra ID as the primary identity source for legacy access.
- Keep VPNs, firewalls, network devices, servers, NAS platforms, and legacy applications working.
- Reduce duplicate identity infrastructure, LDAP service accounts, LDAPS maintenance, and NPS-specific dependencies.
- Deploy Rublon Authentication Proxy on Windows Server or Linux.
- Move toward an Entra-first or Entra-only identity architecture without breaking access to LDAP/RADIUS-bound systems.