Rubycat PROVE IT - inWebo RADIUS integration
This document explains how to integrate inWebo with Rubycat PROVE IT via inWebo RADIUS.
Prerequisites
Administrator access to your PROVE IT web admin console
Administrator access to your inWebo account
UDP traffic allowed on port 1812 from PROVE IT to the inWebo RADIUS server
Configuration
To integrate inWebo with Rubycat PROVE IT via inWebo RADIUS, configure the PROVE IT side (Authentication Server, Authentication Realm, user role and Access Policy) and the inWebo side (inWebo RADIUS connector).
PROVE IT Authentication Server
Navigate to the Authentication tab and select the Authentication menu.
Click on Add new server and select RADIUS as a type. Make sure to select Push notification as authentication mode.
Configure Host name with inWebo RADIUS: radius-a.myinwebo.com (95.131.139.137) and Port with 1812. Change the default timeout to 20 sec and Max retries to 3.
The parameters NAS identifier and NAS IP are optional.
If you need to set a secondary RADIUS server, you can use the secondary inWebo RADIUS: radius-b.myinwebo.com (217.180.130.59)
Fill in the shared secret. This value will be shared with the inWebo server through the inWebo RADIUS connector.
PROVE IT Authentication Realm
Change an existing Realm or create a new one.
Click on New realm and optionally configure it as the Default Realm
Select the Authentication server created previously as the First authentication server or as the Second authentication server.
The user experience differs depending on whether inWebo RADIUS is selected as the first or the second Authentication server.
When the inWebo RADIUS server is set up as the Second authentication server, the first authentication can be PROVE IT-interne or LDAP.
PROVE IT user role
You can change an existing user Role or create a new one. Navigate to the Authorization tab and select Role in the Users menu.
Click on Add new role
Select the realm created / modified previously and search for one or more user groups / users to map to that role. Add them to the Selected groups or Selected user columns.
PROVE IT Access policy
Change an existing user Role or create a new one. Select Access policies in the Users menu.
Click on Add new policy
Select the role configured previously
Select the desired services
Click on Next. Optionally configure a Filter and Submit.
inWebo RADIUS Connector
Log in to the inWebo administration console: http://www.myinwebo.com/console
Navigate to the Secure site tab > Connector and add a connector of type RADIUS Push.
Fill in the IP address with the PROVE IT public IP address and the RADIUS secret with the shared secret previously defined in step 2.
Any modification made to your RADIUS configuration will be applied within the next 15 minutes.
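The shared secret entered in PROVE IT and in the inWebo connector is not sent over the network: in RADIUS, both ends use it to hide the password attribute and to authenticate packets. The Python code below is an added example, not Rubycat or inWebo code. It follows RFC 2865 and RFC 2869, assumes a PAP-style User-Password attribute, and uses a constructed user name, secret and sample reply.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, USER_PASSWORD, MESSAGE_AUTHENTICATOR = 1, 2, 80

def _attr(attr_type, value):
    return bytes([attr_type, len(value) + 2]) + value

def hide_password(password, secret, request_auth):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(16, (len(password) + 15) // 16 * 16)
    padded, out, prev = password.ljust(size, b"\x00"), b"", request_auth
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(identifier, username, password, secret, request_auth=None):
    """Return (packet, request_auth); Message-Authenticator (RFC 2869) is the last attribute."""
    request_auth = request_auth or os.urandom(16)
    attrs = (_attr(USER_NAME, username)
             + _attr(USER_PASSWORD, hide_password(password, secret, request_auth))
             + _attr(MESSAGE_AUTHENTICATOR, b"\x00" * 16))
    packet = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + request_auth + attrs
    # HMAC-MD5 over the whole packet with the 16-byte field zeroed, keyed by the secret
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac, request_auth

def verify_response(response, request_auth, secret):
    """RFC 2865 section 3: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    if len(response) < 20:
        return False
    length = struct.unpack("!H", response[2:4])[0]
    if length < 20 or length > len(response):
        return False
    response = response[:length]  # bytes past Length are padding
    expected = hashlib.md5(response[:4] + request_auth + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])

def make_response(code, identifier, request_auth, secret, attrs=b""):
    """Server side, used here only to construct a sample reply."""
    head = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    return head + hashlib.md5(head + request_auth + attrs + secret).digest() + attrs

if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample value
    pkt, ra = build_access_request(7, b"alice", b"x", secret)
    reply = make_response(ACCESS_ACCEPT, 7, ra, secret)
    print(verify_response(reply, ra, secret), verify_response(reply, ra, b"wrong-secret"))
```

A reply that fails verify_response means the secret differs between the two sides or the packet was altered in transit.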
User Experience
inWebo RADIUS as the First Authentication Server
When connecting with an SSH or RDP client, the user enters a random character and must then authorize the authentication request on inWebo Authenticator (Mobile or Desktop).
inWebo RADIUS as the Second Authentication Server
When connecting with an SSH or RDP client, the user enters their password (local or AD) and must then authorize the authentication request on inWebo Authenticator (Mobile or Desktop).