Configure RADIUS Push-Based Authentication (Optional)

Optionally, the HID Approve application can also perform push-based user authentication for RADIUS authentication.

For further details, refer to the ActivID Authentication Server RADIUS Front End Solution Guide available from the ActivID Customer Portal.

Note: There is no direct coupling between HID Approve and the RADIUS channel.

RADIUS gets the result of HID Approve logon validation by JMS notifications.

HID Approve uses a dedicated channel to sign logon request approvals (by default, CH_PASA ‘Mobile push-based Logon validation channel’ defined in the DT_TDSV4 device type container profile).

Configure the RADIUS Channel for Push

In the RADIUS channel used for push-based authentication, you need to explicitly configure the push policy to use for RADIUS authentication (for example, AT_PASA) in the Push-based Authentication Configuration (defined in the Channel Policy tab, as illustrated below).

Important: Do not assign your RADIUS channel as a selected channel for the push authentication policies (AT_PASA or AT_TDS). If you want to configure a channel for push-based authentication, define the authentication policy in the Channel Policy tab.

Configure Send After via RADIUS for Push

You can also configure ActivID AS to return Send After attributes via RADIUS as part of a push-based authentication deployment.

In the RADIUS channel used for push-based authentication, define an Authorization Profile Selection Rule (defined in the channel configuration to specify what data to check or send back to the Access Controller/Service Provider) containing the Send After authorization profile with the set of attribute values to be returned for successful push-based authentications.

You can either create the profile:

Important: If there is more than one rule configured for the RADIUS channel, the rule containing the push-based Send After profile must be first (1) in the Priority Order.
Note: For push-based authentication via RADIUS, Check Before profiles are not supported (that is, Check Before attributes will not be applied).