Thank you! We will contact you soon to ask how we can improve our documentation. We appreciate your feedback.
How can we improve?
Configure remote authentication through RADIUS
The ExtraHop appliance supports Remote Authentication Dial In User Service (RADIUS) for remote authentication and local authorization only. For remote authentication, the ExtraHop appliance supports unencrypted RADIUS and plaintext formats.
- Log into the Admin UI on the ExtraHop appliance.
- In the Access Settings section, click Remote Authentication.
- From the Remote authentication method drop-down list, select RADIUS and then click Continue.
-
On the Add RADIUS Server page, type the following
information:
- Host
- The hostname or IP address of the RADIUS server. Make sure that the DNS of the ExtraHop appliance is properly configured if you specify a hostname.
- Secret
- The shared secret between the ExtraHop appliance and the RADIUS server. Contact your RADIUS administrator to obtain the shared secret.
- Timeout
- The amount of time in seconds that the ExtraHop appliance waits for a response from the RADIUS server before attempting the connection again.
- Click Add Server.
- (Optional): Add additional servers as needed.
- Click Save and Finish.
-
From the Permission assignment options drop-down list,
choose one of the following options:
- Remote users have full write access
This option allows remote users to have full write access to the ExtraHop Web UI.
- Remote users have full read-only access
This option allows remote users to have read-only permissions to the ExtraHop Web UI.
Note: You can add read-write permissions on a per-user basis later through the Users page in the Admin UI. - Remote users can view connected appliances
This option, which only appears on the Command appliance, allows remote users to log into the Admin UI on the Command appliance and view any connected Discover, Explore, and Trace appliances.
- Remote users have full write access
-
Select one of the following options to allow remote users to download packet
captures and SSL session keys.
- No access
- Packets only
- Packets and session keys
- Click Save and Finish.
- Click Done.
Thank you for your feedback. Can we contact you to ask follow up questions?