Indeed NPS RADIUS Extension

scheme radius

The list of extensions for Indeed Access Manager, containing Indeed OWA & EAS Extension, Indeed Lync Extension and IIS module, is now supplemented by one more module.

The Indeed NPS RADIUS Extension is installed to Network Policy Server. This module allows the Indeed AM system to take part in user authentication process upon requests to connect to the organization internal network resources.

Authentication via RADIUS protocol can be carried out with quite a few methods:

  • One-time password, sent via SMS;
  • One-time password sent via Email:
  • One-time password generated with TOTP algorithm (Google Authenticator, Authenticator from Microsoft etc.);
  • Constant password, which is different from the domain one, and thus eliminating the chance of compromizing by intruder (Indeed Passcode).

Due to integration of the described extension to RADIUS challenge/response scheme, two-factor authentication is implemented in the form of domain password + one-time password. The latter can be delivered to users in a number of ways (SMS, Email or generated by mobile application).

SMS OTP and Email OTP are the most convenient methods, since they do not require preliminary registration of authenticators by user. The mobile phone number and email address is received by Indeed AM server directly from the user account in Active Directory.