[Notification] We're upgrading the JumpCloud Support Center the week of September 30th.

Support Center

Configuring RADIUS Servers in JumpCloud

This document is meant to be used along with Configuring a Wireless Access Point (WAP), VPN or Router for JumpCloud's RADIUS.


  • Your public IP can only be used one time in JumpCloud.
  • You can use DHCP addresses, but when the address changes, you'll need to update the RADIUS server's details with the new IP address. You can do this in the API.
  • JumpCloud RADIUS MFA is intended to be used on VPN servers. We don’t currently recommend that you enable RADIUS MFA on your wireless network servers.
  • MSCHAP and EAP-PEAP/MSCHAP2 can’t be used as an authentication method with MFA enabled RADIUS. We recommend using EAP-TTLS/PAP for authentication. We don’t recommend using PAP.
  • Mac and iOS devices require additional software to use EAP-TTLS/PAP authentication for wireless clients. See this KB for more information.

Adding a RADIUS Server

  1. Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com/login.
  2. Go to RADIUS.
  3. Click ( + ). The New RADIUS server panel appears.
  4. Configure the RADIUS server:
    • Enter a name for the server. This value is arbitrary.
    • Enter a public IP address from which your organization's traffic will originate.
    • Provide a shared secret. This value is shared with the device or service endpoint you're pairing with the RADIUS server.
  5. Configure Multifactor Authentication for the RADIUS server:
  • Toggle the MFA Enforcement for this RADIUS server is option to On to enable MFA for this server. This option is Off by default.
  • Select Users will be challenged if they have MFA actively set up to require all JumpCloud users with MFA active for their account provide a TOTP code when they connect to this server. 
  • Select Users will be challenged unless they are in active an enrollment period to require all JumpCloud users that aren’t in an MFA enrollment period provide a TOTP code when they connect to this server.
  • Select Users will always be challenged including during an enrollment period to require all JumpCloud users, even those in MFA enrollment periods, provide a TOTP code when they connect to this server.
    Learn how to connect to MFA-enabled servers.
  1. To grant access to the RADIUS server, click the User Groups tab, then select the appropriate groups of users you want to connect to the server.
  2. Click save RADIUS server.



Last Updated: Sep 12, 2019 11:04AM MDT

Related Articles
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found