- Your public IP can only be used one time in JumpCloud.
- You can use DHCP addresses, but when the address changes, you'll need to update the RADIUS server's details with the new IP address. You can do this in the API.
- JumpCloud RADIUS MFA is intended to be used on VPN servers. We don’t currently recommend that you enable RADIUS MFA on your wireless network servers.
- MSCHAP and EAP-PEAP/MSCHAP2 can’t be used as an authentication method with MFA enabled RADIUS. We recommend using EAP-TTLS/PAP for authentication. We don’t recommend using PAP.
- Mac and iOS devices require additional software to use EAP-TTLS/PAP authentication for wireless clients. See this KB for more information.
Adding a RADIUS Server
- Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com/login.
- Go to RADIUS.
- Click ( + ). The New RADIUS server panel appears.
- Configure the RADIUS server:
- Enter a name for the server. This value is arbitrary.
- Enter a public IP address from which your organization's traffic will originate.
- Provide a shared secret. This value is shared with the device or service endpoint you're pairing with the RADIUS server.
- Configure Multifactor Authentication for the RADIUS server:
- Toggle the MFA Enforcement for this RADIUS server is option to On to enable MFA for this server. This option is Off by default.
- Select Users will be challenged if they have MFA actively set up to require all JumpCloud users with MFA active for their account provide a TOTP code when they connect to this server.
- Select Users will be challenged unless they are in active an enrollment period to require all JumpCloud users that aren’t in an MFA enrollment period provide a TOTP code when they connect to this server.
- Select Users will always be challenged including during an enrollment period to require all JumpCloud users, even those in MFA enrollment periods, provide a TOTP code when they connect to this server.
Learn how to connect to MFA-enabled servers.
- To grant access to the RADIUS server, click the User Groups tab, then select the appropriate groups of users you want to connect to the server.
- Click save RADIUS server.