Zoho Directory's RADIUS on Cloud

RADIUS - Overview

 What is RADIUS?

RADIUS, or Remote Authentication Dial-In User Service, is a networking protocol that facilitates secure, centralized authentication for users who connect to a network. In simple terms, the RADIUS server validates a user and grants access to connect to a network. It performs authentication, authorization, and accounting when a user connects through Wi-Fi. With RADIUS, users can connect to a network using an individual set of credentials.

 How is it useful?   

In a home setting, the process of authentication is fairly straightforward. There are two components: the supplicant and the NAS device. The supplicant is a device, such as a phone or laptop, that requests access to a network. The NAS, or Network Access Server, is in charge of authenticating users connecting to that network. In a home setting, the router acts as the NAS device, and authentication takes place using a PSK (pre-shared key). The owner sets a password and shares it with other members of the house, who then use it to connect to the Wi-Fi network. Here, managing access is fairly simple since there are generally only a few members.

At an enterprise level, the aforementioned process would be tedious to manage and supervise. In such situations, RADIUS simplifies access control by storing employee details in a single database. It uses advanced protocols like EAP-TTLS (Extensible Authentication Protocol-Tunneled Transport Layer Security), which employs secure TLS tunnels for encryption, ensuring secure data transfer. For authentication, EAP-TTLS transmits user credentials using PAP (Password Authentication Protocol) inside the TLS tunnel. This protocol is superior to the traditional methods because of its encryption and resistance to attacks.

 Zoho Directory's RADIUS on Cloud 

Integrating Wi-Fi authentication with Zoho Directory allows users to use their Zoho Directory account credentials to log in to the Wi-Fi networks. The credentials entered by users trying to connect to the network will be authenticated by the Zoho Directory servers, which then send back an acceptance or rejection message. Since details of all the employees are stored in a single, secure database, it becomes easier for the admin to ensure that only authenticated users are connected to the organization's networks.

 

How does RADIUS work? 

  1. A user requests access to a remote network using their Zoho Directory username and password.

  2. This request is sent to the RADIUS server via a Network Access Server.

  3. The RADIUS server authenticates the user request by checking it against the Zoho Directory database, and sends back configuration information (an acceptance or rejection message) to the NAS.

  4. The NAS uses this configuration information to authorize the user's access to the network.
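Steps 3 and 4 rely on the NAS trusting the verdict it receives. The sketch below is an added example, not Zoho Directory's code: it shows the standard RADIUS reply check from RFC 2865, in which the NAS recomputes the Response Authenticator before acting on an acceptance or rejection message. It assumes a shared secret configured on both the NAS and the RADIUS server; the function names, secret, identifier and attribute values are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3
VERDICTS = {ACCESS_ACCEPT: "Access-Accept", ACCESS_REJECT: "Access-Reject"}


def build_reply(code, ident, request_auth, attrs, secret):
    """Server side: sign a reply over the request's 16-byte authenticator."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs


def nas_check_reply(packet, ident, request_auth, secret):
    """NAS side: return the verdict only for a well-formed, authentic reply."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, reply_id, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field disagrees with the datagram")
    packet = packet[:length]  # octets beyond Length are padding
    if reply_id != ident:
        raise ValueError("identifier does not match the pending request")
    if code not in VERDICTS:
        raise ValueError("not a final accept/reject reply")
    signed = packet[:4] + request_auth + packet[20:] + secret
    if not hmac.compare_digest(hashlib.md5(signed).digest(), packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    return VERDICTS[code]


def demo():
    secret = b"constructed-shared-secret"    # constructed sample value
    request_auth = bytes(range(16))          # random per request in practice
    attrs = bytes([18, 9]) + b"welcome"      # Reply-Message attribute (type 18)
    accept = build_reply(ACCESS_ACCEPT, 7, request_auth, attrs, secret)
    reject = build_reply(ACCESS_REJECT, 7, request_auth, attrs, secret)
    tampered = bytes([ACCESS_ACCEPT]) + reject[1:]   # code byte altered in transit
    results = [nas_check_reply(accept, 7, request_auth, secret)]
    try:
        nas_check_reply(tampered, 7, request_auth, secret)
    except ValueError as exc:
        results.append(str(exc))
    return results


if __name__ == "__main__":
    print(demo())
```

A reply that fails any of these checks is discarded by the NAS, so the user stays unauthorized until an authentic acceptance arrives.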