Enabling or Disabling RSA Authentication via RADIUS

(Included in Advanced Security Module) If RADIUS is enabled on a Site and a Settings Template, you can enable or disable the use of RADIUS for individual user accounts. (The username must correspond to a username in the RSA Authentication Manager server’s database.) For example, you may have some users who will use RADIUS to authenticate on the Site, but other user who do not use RADIUS. (You cannot enable RADIUS authentication for user account on a Settings Template or a Site that does not have RADIUS authentication enabled or defined.)

To enable or disable RADIUS for a user account

  1. On the Server tab, in the tree of a Site that has RADIUS enabled, expand the Settings Template of users for whom you want to enable or disable RADIUS.

  2. In the right pane, on the General tab, clear the Use RADIUS authentication check box to disable RADIUS; select the check box to enable RADIUS.

    • You can also enable or disable RADIUS in the New User wizard when you create the user account.

  3. Click Apply to save the setting.

On user accounts that have RADIUS enabled, it is possible for users to lock themselves out of the RADIUS server (e.g., due to multiple invalid logins). The user in this case will not be able to log in to EFT, but will not appear to be locked out of EFT in the administration interface. EFT will log only that a login was denied at the protocol level (on INFO in HTTP).You must unlock the account on the RADIUS server for the user to be able to log in to EFT. (For information about unlocking accounts on the RADIUS server, refer to that server’s user guide.)