
This article describes how to enable Nexus OTP in the Smart ID Digital Access component (formerly Nexus Hybrid Access Gateway) as two-factor authentication method for Cyberoam, to replace static passwords.

Nexus OTP can be either Nexus TruID Synchronized or Smart ID Mobile App OTP (formerly Nexus Personal), or any other OATH-based mobile OTP application, such as Google Authenticator or Microsoft Authenticator.

With the setup described in this article, Digital Access functions as a RADIUS server and Cyberoam as a RADIUS client. Nexus TruID is used as an example below and is available for iOS, Android, and Windows.

Related information

  • Authentication methods
  • Deploy Hybrid Access Gateway and do initial setup
  • Nexus Hybrid Access Gateway
  • 3.14 - Nexus Personal Mobile
  • Set up RADIUS client

Network schematic for Nexus OTP authentication

    Network schematic with Nexus TruID Synchronized as an example.


    1. The end user starts the TruID client and enters the PIN in TruID to generate an OTP.
    2. Cyberoam requests the end user to enter username, password and OTP.
    3. The end user enters username, domain password and OTP.
    4. The domain credentials are validated by the Active Directory.
    5. The OTP authentication request is relayed to the Digital Access Authentication Server via RADIUS.
    6. The authentication server validates the OTP with the associated TruID token and PIN from the user database.
    7. Upon successful validation, the authentication server responds with successful authentication to Cyberoam.
    8. Cyberoam provides access to the end user.
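What the relayed OTP request in steps 5 to 8 looks like on the wire, as an added Python example that is not Nexus or Cyberoam code: a RADIUS client (Cyberoam's role) sends an Access-Request whose User-Password attribute is hidden with the shared secret, the RADIUS server (the Digital Access role) recovers the OTP, checks it against the user's OATH seed and answers Access-Accept carrying a Filter-Id group attribute, and the client checks the Response Authenticator before trusting the answer. It assumes the OTP travels in the User-Password attribute (PAP), which this page does not state; the shared secret value and the Filter-Id attribute are taken from the Cyberoam server table further down, while the OATH seed, user name and group name are constructed. It also shows what the shared secret actually protects: it hides the User-Password attribute and authenticates the reply, nothing else in the exchange.

```python
import hashlib
import hmac
import os
import struct

# --- OATH HOTP / TOTP (RFC 4226 / RFC 6238), what authenticator apps compute from a seed ---
def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(seed: bytes, unix_time: int, step: int = 30) -> str:
    return hotp(seed, unix_time // step)

# --- RADIUS (RFC 2865): codes, attribute types, attribute coding, PAP password hiding ---
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_FILTER_ID = 1, 2, 11

def encode_attrs(attrs):
    # Each attribute is Type (1 byte), Length (1 byte, header included), Value
    return b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)

def decode_attrs(data):
    attrs, i = [], 0
    while i < len(data):
        t, length = data[i], data[i + 1]
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    # RFC 2865 5.2: pad to 16-byte blocks, XOR each block with MD5(secret + previous block)
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        block = bytes(x ^ y for x, y in zip(padded[i:i + 16], hashlib.md5(secret + prev).digest()))
        out, prev = out + block, block
    return out

def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], hashlib.md5(secret + prev).digest()))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def parse_packet(pkt):
    code, ident, length = struct.unpack(">BBH", pkt[:4])
    return code, ident, pkt[4:20], decode_attrs(pkt[20:length])

def build_access_request(secret, username, password, ident=1, request_auth=None):
    # Client side: fresh random Request Authenticator, User-Password hidden with the secret
    request_auth = request_auth or os.urandom(16)
    body = encode_attrs([(ATTR_USER_NAME, username.encode()),
                         (ATTR_USER_PASSWORD, hide_password(password.encode(), secret, request_auth))])
    return struct.pack(">BBH", ACCESS_REQUEST, ident, 20 + len(body)) + request_auth + body

def build_response(code, request_pkt, secret, attrs):
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    _, ident, request_auth, _ = parse_packet(request_pkt)
    body = encode_attrs(attrs)
    header = struct.pack(">BBH", code, ident, 20 + len(body))
    return header + hashlib.md5(header + request_auth + body + secret).digest() + body

def verify_response(response_pkt, request_pkt, secret) -> bool:
    # Client side: only a holder of the shared secret can produce a matching digest
    _, _, request_auth, _ = parse_packet(request_pkt)
    expected = hashlib.md5(response_pkt[:4] + request_auth + response_pkt[20:] + secret).digest()
    return hmac.compare_digest(expected, response_pkt[4:20])

def radius_server_handle(request_pkt, secret, user_db, now, group="vpn-users"):
    # Server side: recover the OTP and check it against the user's OATH seed,
    # accepting one 30-second step of clock skew either way
    _, _, request_auth, attrs = parse_packet(request_pkt)
    a = dict(attrs)
    username = a.get(ATTR_USER_NAME, b"").decode(errors="replace")
    otp = reveal_password(a.get(ATTR_USER_PASSWORD, b""), secret, request_auth).decode(errors="replace")
    seed = user_db.get(username)
    ok = seed is not None and any(
        hmac.compare_digest(otp.encode(), totp(seed, now + d * 30).encode()) for d in (-1, 0, 1))
    if ok:  # Filter-Id carries the group name the RADIUS client maps to a user group
        return build_response(ACCESS_ACCEPT, request_pkt, secret, [(ATTR_FILTER_ID, group.encode())])
    return build_response(ACCESS_REJECT, request_pkt, secret, [])

def run_exchange(username, otp, secret, user_db, now):
    # Full client <-> server round trip; returns what the client learns from the reply
    request = build_access_request(secret, username, otp)
    response = radius_server_handle(request, secret, user_db, now)
    code, _, _, attrs = parse_packet(response)
    return {"code": code,
            "authentic": verify_response(response, request, secret),
            "group": dict(attrs).get(ATTR_FILTER_ID, b"").decode()}

if __name__ == "__main__":
    # Constructed sample data: the shared secret from the Cyberoam table, a test user and OATH seed
    SECRET, USER_DB, NOW = b"cyberoam", {"alice": b"12345678901234567890"}, 1700000000
    print(run_exchange("alice", totp(USER_DB["alice"], NOW), SECRET, USER_DB, NOW))  # Access-Accept
    print(run_exchange("mallory", "123456", SECRET, USER_DB, NOW))                    # Access-Reject
```

Run it directly to see one accepted and one rejected exchange. The point to take from the code is where the shared secret is used: only in hiding the User-Password attribute and in the Response Authenticator, so the user name, the reply code and the Filter-Id group travel in clear and the secret's quality is the whole strength of those two protections.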

    Prerequisites

    Installed and deployed Hybrid Access Gateway, see Deploy Hybrid Access Gateway and do initial setup.

    Make settings in Digital Access

    Log in to Digital Access Admin

    1. Log in to Digital Access Admin with an administrator account.


    Add Cyberoam as a RADIUS client

    Follow the steps in Set up RADIUS client in Digital Access.

    Note: In step 3, enter the IP Address of the RADIUS Client (Cyberoam) and the Shared Secret Key.


    Enable authentication method

    Nexus TruID Synchronized is used as an example. Other Nexus OTP authentication methods are enabled in a similar way.

    Follow the steps in Set up authentication method in Digital Access.

    Note:
    • In step 3, select Nexus Synchronized as method.
    • When the default RADIUS replies are shown, click Next. You can also add your custom RADIUS replies or modify the default replies if required.

    Make settings in Cyberoam

    Add Digital Access as RADIUS Server

    1. Log in to the Cyberoam administrative interface.
    2. Navigate to Identity > Authentication > Authentication Server.
    3. Click Add to configure the RADIUS Server parameters listed below (Parameter: Value. Description).

      • Server Type: RADIUS server. Select RADIUS server. If the user is required to authenticate using a RADIUS server, the appliance needs to communicate with the RADIUS server for authentication.
      • Server Name: CR_RADIUS. Specify a name to identify the RADIUS server.
      • Server IP: 172.16.16.18. Specify the RADIUS server IP address.
      • Authentication Port: 1812. Specify the port number through which the server communicates. By default, the port is 1812.
      • Shared Secret: cyberoam. Provide the shared secret, which is to be used to encrypt information passed to the appliance.
      • Integration Type: Tight Integration. Select Tight Integration with the appliance if you want to use a vendor specific attribute for setting the user group membership and specify the group name attribute.
      • Group Name Attribute: Filter-Id. The group name attribute is vendor specific.

    4. Click Test Connection to check if Cyberoam is able to connect to the RADIUS Server.
    5. Cyberoam prompts for administrative credentials to test the connection. Enter the credentials and click Test Connection. If the connection is successful, click OK to save the configuration.
    6. Go to Identity > Authentication > Firewall.
    7. Select RADIUS Server as primary authentication server.
    8. Click Apply to save the configuration.

    Example: Log in to Cyberoam

    The following example shows how an end user logs in, using Nexus TruID Synchronized. Other Nexus OTP methods can be used in a similar way.

    Use Nexus TruID as 2FA to log in to Cyberoam

    1. Start Nexus TruID, installed on your laptop or smartphone, and enter your PIN to generate an OTP.
    2. Enter your domain login ID and password along with the Nexus TruID OTP.

