Documentation
Start typing to search…

RADIUS | RS

Benefits of RADIUS integration

BeyondTrust Remote Support integrates with RADIUS servers to provide centralized authentication and strong multi-factor security. This setup supports one-time passcodes, RSA tokens, or other RADIUS-based methods.

  • Authenticate users through existing RADIUS infrastructure.
  • Enhance security with two-factor methods like RSA.
  • Spare users and admins from managing extra credentials.
  • Disable accounts automatically when access is revoked in RADIUS.

How do I access the Security Providers page?

  1. Use a Chromium-based browser to sign in to your Remote Support URL.
    This URL is provided in the BeyondTrust welcome email and includes your site URL followed by /login.
  2. From the left menu, click Users & Security.
    The Users page opens and displays by default.
  3. At the top of the page, click Security Providers.
    The Security Providers page displays.

Add a security provider

  1. On the Security providers page, click + Add, and then select RADIUS from the list.
    The Add Security Provider page displays.
  2. Configure the security provider following the steps below.
RADIUS fields

  • Connection settings

    • Hostname: Enter the hostname of the server that houses your external directory store.

    • Port: Specify the authentication port for your RADIUS server. This is typically port 1812.

    • Timeout (seconds): Set the length of time to wait for a response from the server. Note that if the response is Response-Accept or Response-Challenge, then RADIUS will wait the entire time specified here before authenticating the account. Therefore, it is encouraged to keep this value as low as reasonably possible given your network settings. An ideal value is 3-5 seconds, with the maximum value at three minutes.

    • Connection method

      • Proxy from appliance through the Connection Agent: If you are using an external directory store in the same LAN as your appliance, the two systems may be able to communicate directly, so leave this option unchecked.

        If the two systems are unable to communicate directly, such as if your external directory server is behind a firewall, you must use a connection agent. Downloading the Win32 connection agent enables your directory server and your appliance to communicate via an SSL-encrypted, outbound connection, with no firewall configuration. The connection agent can be downloaded to either the directory server or a separate server on the same network as your directory server (recommended).

        Check this option, create a Connection Agent Password for use in the connection agent installation process. Then click Download Connection Agent, run the installer, and follow the installation wizard. During installation, you will be prompted to enter the security provider name and the connection agent password you created above.

        ℹ️

        The Proxy from appliance through the Connection Agent option is not available to Remote Support Cloud customers, as Cloud instances must run the connection agent in order to use an external directory store.

    • Shared secret: Provide a new shared secret so your appliance and your RADIUS server can communicate.

Additional setup and tips

Updated 2 months ago

©2003-2026 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.