Configure RADIUS Push-Based Authentication (Optional)
Optionally, the HID Approve application can also perform a push-based user authentication for a RADIUS authentication.
For further details, refer to the ActivID Authentication Server RADIUS Front End Solution Guide available from the ActivID Customer Portal.
RADIUS gets the result of HID Approve logon validation by JMS notifications.
HID Approve uses a dedicated channel to sign logon request approvals (by default, CH_PASA ‘Mobile push-based Logon validation channel’ defined in the DT_TDSV4 device type container profile).
Configure the RADIUS Channel for Push
In the RADIUS channel used for push-based authentication, you need to explicitly configure the push policy to use for RADIUS authentication (for example, AT_PASA) in the Push-based Authentication Configuration (defined in the Channel Policy tab, as illustrated below).
Configure Send After via RADIUS for Push
You can also configure ActivID AS to return send after attributes via RADIUS as part of a push-based authentication deployment.
In the RADIUS channel used for push-based authentication, define an Authorization Profile Selection Rule Defined in the channel configuration to specify what data to check or send back to the Access Controller/Service Provider. containing the Send After authorization profile with the set of attribute values to be returned for successful push-based authentications.
You can either create the profile:
-
Using the Authorization Profile Selection Rule wizard when creating or editing a channel
-
Or independently so it can be selected as an 'existing profile' in the wizard later