m |
m |
||
| Line 27: | Line 27: | ||
| − | The card displays the | + | The card displays the Username, [[File:icon_mfa_mac.png|20px|MAC Address Icon]] number of MAC addresses, and [[File:icon_mfa_nasid.png|20px|NAS-ID Icon]] number of NAS-IDs. Clicking on a card will take you to the detailed page for additional authentication. |
At the top, you can use the search function to search for specific users by their names, MAC addresses, NAS-ID, or processors.<br><br> | At the top, you can use the search function to search for specific users by their names, MAC addresses, NAS-ID, or processors.<br><br> | ||
You can search by user type: All, Local, or External Authentication. | You can search by user type: All, Local, or External Authentication. | ||
Latest revision as of 15:05, 10 August 2023
Multi-Factor Authentication
RADIUS > Multi-Factor Authentication
The function of additional authentication refers to the process of identifying and authenticating users using not only the "User-Name" and "User-Password" but also including the MAC address of the client terminal and the NAS-ID (SSID) when necessary.
To utilize this feature, you need to select "Enabled" under RADIUS > Settings > General > Additional attributes for Multi-Factor Authentication. You can choose to enable only one of the additional attributes, either "Client(supplicant) MAC Address" or "NAS-ID (SSID)." While this feature is optional, if you set additional attributes for users, these attributes will be included in the authentication process along with their credentials. For instance, if the authentication information for user1 contains only a password, the authentication will be processed with the user1/password combination. On the other hand, if user2's authentication includes a MAC address as an additional attribute along with the password, the authentication for user2 will be processed using the user2/password/MAC address combination.
Setting Multi-Factor Authentication
You can configure MAC additional authentication and NAS-ID additional authentication in "RADIUS > Settings > General > Additional attributes for Multi-Factor Authentication". Initially, this feature is shipped in a "Disabled" state, so if you wish to use it, change it to "Enabled" and configure it through the RADIUS > Multi-Factor Authentication menu.
If you do not use all attributes, the RADIUS > Multi-Factor Authentication Authentication menu will not be displayed.
Mangement Multi-Factor Authentication
You can manage it through the RADIUS > Multi-Factor Authentication menu.
Only the additional attributes selected as "Enabled" in RADIUS > Settings > General > Additional attributes for Multi-Factor Authentication can be chosen for "Additional Authentication". If you do not use all attributes, the RADIUS > Multi-Factor Authentication menu will not be displayed.
List Multi-Factor Authentication
You can access the RADIUS > Multi-Factor Authentication menu, where you can view registered Multi-Factor authentication user information in card view.
The card displays the Username, 
number of MAC addresses, and 
number of NAS-IDs. Clicking on a card will take you to the detailed page for additional authentication.
At the top, you can use the search function to search for specific users by their names, MAC addresses, NAS-ID, or processors.
You can search by user type: All, Local, or External Authentication.
"Local" refers to accounts registered in RADIUS > Users, and "External Authentication" represents accounts that receive authentication from an external database and are displayed when additional authentication is used.
The displayed number of items can be set to 8, 12, 16 (default), 20, 40, 60, or 80 items. You can choose the number that suits your viewing preference.
Create Multi-Factor Authentication
You can register additional authentication accounts and information by clicking the “Create New User Additional Authentication” button at the top right of the RADIUS > Multi-Factor Authentication page.
| Item | Required | Description |
|---|---|---|
| Username | Yes | The multibyte characters(e.g, korean, japaneses) are not allowed. |
| NAS-ID | Optional | Can only be used with registered NAS-ID (SSID).
This item is required if Use NAS-ID Additional Authentication for RADIUS > Settings > General > Additional attributes for Multi-Factor Authentication is enabled. |
| MAC Address | Optional | This can be used only when the MAC address of the registered user's device matches.
This item is required if Use MAC Additional Authentication in RADIUS > Settings > General > Additional attributes for Multi-Factor Authentication is enabled. |
| Description | No | Enter a description of the user device. You can register within 250 characters. |
Details Multi-Factor Authentication
Clicking on a user within the list in RADIUS > Multi-Factor Authentication will take you to the Multi-Factor Authentication Details page.
In the left section, the information about the Multi-Factor authentication account is displayed, while the right section shows the MAC addresses and NAS-ID information registered for this account in a list format.
(1) Multi-Factor Authentication Account Information
The page displays the Username using Multi-Factor authentication, user type, the time of the most recent account addition, the time of the most recent authentication, the number of Multi-Factor authentication MAC addresses, and the number of Multi-Factor authentication NAS-ID. Clicking the "Delete" button at the bottom will remove all Multi-Factor authentication information for the user. Clicking the "List" button will take you back to the Multi-Factor Authentication List.
(2) MAC Address
In the MAC address section, clicking the "Delete All" button at the top-right will remove all registered MAC Multi-Factor authentication information. Clicking the "Add" button will open fields to input MAC addresses and descriptions. After inputting the information, clicking the Save button will add them. Clicking the Delete button in the first column of the list will remove the corresponding MAC Multi-Factor authentication information. Clicking the MAC address in the second column of the list will open a window to modify the information, such as the MAC address or description. The remaining columns display the description, the time of the most recent authentication, the time of adding the Multi-Factor authentication information, and the administrator's information.
(3) NSA-ID
In the NAS-ID section, clicking the "Delete All" button at the top-right will remove all registered NAS-ID Multi-Factor authentication information. Clicking the "Add" button will display an input & selection window for NAS-IDs. After selecting or entering the NAS-ID, clicking the Save button will add them. Clicking the Delete button in the first column of the list will remove the corresponding NAS-ID Multi-Factor authentication information. Clicking the NAS-ID in the second column of the list will open a window to modify the NAS-ID information. The remaining columns display the time of the most recent authentication, the time of adding the Multi-Factor authentication information, and the administrator's information.