The Code42 environment is able to utilize multiple RADIUS servers, and a single organization can be configured to use more than one RADIUS server for user authentication. Using multiple RADIUS servers alongside two-factor authentication involves some technical considerations. This article explains the conditions which may cause issues with using multiple RADIUS servers within a single organization.
For a more detailed explanation of how to set up RADIUS in your Code42 environment, see the RADIUS tutorial.
Using multiple RADIUS servers
One organization can be configured to use multiple RADIUS servers for authentication, but be aware of the following conditions on use of multiple RADIUS servers:
- The master server consults RADIUS servers in the order in which they were added.
- If a user is not found within a RADIUS server, or the user's credentials are rejected, then the master server will move on to the next RADIUS server.
- When two-factor authentication is used by one or more of the configured RADIUS servers, then the master server may not cycle through the entire list of RADIUS servers.
- Depending on the particular configuration and RADIUS implementation, a RADIUS server may respond to an incorrect authentication request with an Access-Challenge message rather than an Access-Reject message.
- The master server only cycles to the next RADIUS server in response to an Access-Reject message.
If you are configuring a single RADIUS server to use two-factor authentication in a multi-RADIUS server environment, then adding this RADIUS server last allows the master server to cycle through the entire list of RADIUS servers.