- Reveal(x) Enterprise and ExtraHop Performance systems
Thank you! We will contact you soon to ask how we can improve our documentation. We appreciate your feedback.
How can we improve?
Configure remote authentication through RADIUS
The ExtraHop system supports Remote Authentication Dial In User Service (RADIUS) for remote authentication and local authorization only. For remote authentication, the ExtraHop system supports unencrypted RADIUS and plaintext formats.
- Log in to the Administration settings on the ExtraHop system through https://<extrahop-hostname-or-IP-address>/admin.
- In the Access Settings section, click Remote Authentication.
- From the Remote authentication method drop-down list, select RADIUS and then click Continue.
-
On the Add RADIUS Server page, type the following
information:
- Host
- The hostname or IP address of the RADIUS server. Make sure that the DNS of the ExtraHop system is properly configured if you specify a hostname.
- Secret
- The shared secret between the ExtraHop system and the RADIUS server. Contact your RADIUS administrator to obtain the shared secret.
- Timeout
- The amount of time in seconds that the ExtraHop system waits for a response from the RADIUS server before attempting the connection again.
- Click Add Server.
- (Optional): Add additional servers as needed.
- Click Save and Finish.
-
From the Privilege assignment options drop-down list,
choose one of the following options:
- Remote users have full write access
This option grants remote users full write access to the ExtraHop system. In addition, you can grant additional access for packet downloads, SSL session keys, and detections.
- Remote users have full read-only access
This option grants remote users read-only access to the ExtraHop system. In addition, you can grant additional access for packet downloads, SSL session keys, and detections.
- Remote users have full write access
- (Optional):
Configure packet and session key access. Select one of the following options to
allow remote users to download packet captures and SSL session keys.
- No access
- Packet slices only
- Packets only
- Packets and session keys
- (Optional):
Configure detections access. Select one of the following options to allow
remote users to view detections. This setting is visible only when the global
privilege policy for detections access control is set to Only
specified users can view detections.
- No access
- Full access
- Click Save and Finish.
- Click Done.
Thank you for your feedback. Can we contact you to ask follow up questions?