Product guide

Considerations
The UDP ports configured on the Enterprise Authentication server and RADIUS client are identical.
The shared secrets configured on the Enterprise Authentication server and RADIUS client are
identical.
All multi-factor authentication tokens have been uploaded using the administration interface.
If using one-time password authentication, the RADIUS client must support RADIUS
challenge-response.
High-level steps for configuration
1. On the administration interface, set up the RADIUS listener.
2. Connect Enterprise Authentication to the user data source.
3. Configure the RADIUS authentication flow.
4. Verify the configuration.
See also
Configure RADIUS listeners on page 39
Connect Enterprise Authentication to data sources on page 41
Configure RADIUS flows using the guided configuration tool on page 36
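The following is an added example, not taken from the product or its documentation. It shows why the shared secrets must be identical and what a challenge-response client receives: a RADIUS Access-Challenge built per RFC 2865 verifies only when the client holds the same secret as the server. The secrets, identifier, attribute values and request authenticator are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCESS_CHALLENGE = 11          # RFC 2865 packet code
REPLY_MESSAGE, STATE = 18, 24  # RFC 2865 attribute types


def attr(attr_type, value):
    """Encode one attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def response_authenticator(code, ident, length, request_auth, attrs, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865."""
    header = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_response(code, ident, request_auth, attrs, secret):
    """Server side: build a response packet bound to the shared secret."""
    length = 20 + len(attrs)
    auth = response_authenticator(code, ident, length, request_auth, attrs, secret)
    return struct.pack("!BBH", code, ident, length) + auth + attrs


def verify_response(packet, request_auth, secret):
    """Client side: True only if the response was built with the same secret."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = response_authenticator(
        code, ident, length, request_auth, packet[20:], secret)
    return hmac.compare_digest(expected, packet[4:20])


def demo():
    request_auth = bytes(range(16))  # constructed; real clients send 16 random bytes
    attrs = attr(REPLY_MESSAGE, b"Enter one-time password") + attr(STATE, b"sess-01")
    packet = build_response(ACCESS_CHALLENGE, 7, request_auth, attrs, b"server-secret")
    return {
        "code": packet[0],
        "same_secret": verify_response(packet, request_auth, b"server-secret"),
        "mismatched_secret": verify_response(packet, request_auth, b"client-typo"),
    }


if __name__ == "__main__":
    print(demo())
```

A client that discards responses failing this check typically reports a timeout rather than a rejection, which is a common symptom of a mismatched secret when verifying the configuration.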
Enterprise Authentication as the Identity Provider
When deployed as the Identity Provider, Enterprise Authentication uses SAML to separate Identity
Provider and Service Provider roles.
Example use cases
Enterprise Authentication receives authentication requests from Service Providers and responds by
validating user identities against a configured identity store. If the identity information is validated,
Enterprise Authentication passes the authentication response to the protected resource, and users
are granted access.
Network users log on to the company intranet to access third-party Service Providers, such as their
health insurance and 401k providers. When users log on to the company intranet, Enterprise
Authentication validates their identity against a configured identity store and creates the user
session. As long as the user session is active, users can access the third-party Service Providers
without providing their user authentication credentials.
Deployment scenarios
McAfee Enterprise Authentication 1.0.0 Product Guide