10 Jun 2024

How To Setup Cloud RADIUS for SCEPman

Let’s dive into how to set up a RADIUS server for SCEPman. If you’ve already distributed certificates through Intune or Jamf using SCEPMan and are now looking to integrate RADIUS authentication using a cloud service, you’re in the right place. Follow these steps to configure RADIUS with ease. If you have not yet set up SCEPman, Check out how you can setup an Intune SCEP Certificate Authority.

Create a Cloud RADIUS Step 1: Register EZRADIUS Application

The first thing we must do is use a Global Administrator account to register the Keytos application and the EZRadius application. This step allows EZRADIUS to authenticate your users securely.

Create a Cloud RADIUS Step 2: Create EZRADIUS in Azure

Now that we have registered the applications in Entra ID, let’s create EZRADIUS in Azure (While we are creating it in Azure we are not creating any resources, all servers are hosted by Keytos, this is only used for billing). If you prefer, you can also do this directly in the EZRADIUS portal.

Search Marketplace: In the Azure portal, search for EZ RADIUS and select your preferred plan.
Enter Subscription Details: Provide the subscription name, resource group, and review and create the subscription.
Configure Account: Once the subscription is active, configure your account by logging into the EZRADIUS portal with your Azure credentials.
Select your Cloud RADIUS Instance Location: Last we are going to select the location where to deploy EZRADIUS. If you want to deploy in a region that is currently not available, email sales@keytos.io and request that location.

Create a Cloud RADIUS Step 3: Configure EZRADIUS Settings

After setting up your EZRADIUS instance, bookmark the instance URL for easy access. Next, if Needed, you can go to the settings page and configure your access (who is an owner of the RADIUS server, Network administrador, or even just log reader) and RADIUS SIEM Connection, Even if you are not using a SIEM, you can push your logs to an Azure log analytics workspace and use our RADIUS Log Analytics Dashboard to have a better view of your logs.

Step 4: How to Create RADIUS Access Policies

Now that we have fully configured our Cloud RADIUS subscription, we have to create the RADIUS Access Policies that will define the access to our network. For SCEPman, you will Setup your CA Trust as a local CA, and for the server certificate, you can use our integrated server certificate creation

Step 5: How To Configure RADIUS on Network Devices

Now that we have created the RADIUS policies, we need to configure our network devices to use the Cloud RADIUS server. In this section of the documentation we have the network devices for the most common vendors.

Step 6: How To Configure Wi-Fi Authentication in Intune

After creating the RADIUS policies and connecting the RADIUS server to your network, you probably want to use Intune to distribute the RADIUS Wi-Fi profile to your devices. This way, you can have a seamless experience for your users.

Conclusion - Setting up Wifi Certificate Authentication with SCEPman and Cloud RADIUS is Easy

By following these steps, you can effectively set up RADIUS authentication with SCEPman, enhancing your network security and certificate management. For more information, check out the documentation linked below. If you have any questions, feel free to reach out. Thank you for reading, and stay tuned for more tutorials!