2FA for Windows Logon

GreenRADIUS 2FA for Windows logon is a popular solution among our customers. Not only is our Windows solution simple to deploy, but can also secure a wide variety of Windows deployments, such as domain-joined or not, Active Directory or local user accounts, and online or offline logins. Our solution also supports YubiKeys, other FIDO U2F tokens, Google Authenticator, and our own mobile apps.

2FA for ADFS (Active Directory Federation Services)

GreenRADIUS 2FA for ADFS enables customers to enforce two-factor authentication for any application or resource integrated with Microsoft’s ADFS. Such applications can be internal websites and resources or external ones such as Google G-Suite, Office 365, Slack, Concur, and any other site that supports SAML 2.0. YubiKeys, Google Authenticator, and our Green Rocket 2FA mobile app can be used as tokens.

FIDO Module

The GreenRADIUS premium FIDO Module enables the use of FIDO tokens, such as YubiKeys. A user may have both an OTP token and a FIDO token active at the same time, and the user can choose which to use for authentication. As a two-way authentication protocol, FIDO is not supported natively on many legacy devices such as VPNs and PAM modules. With GreenRADIUS, you can add support using FIDO tokens to take advantage of the latest technology across your network.

OATH Module

The GreenRADIUS premium OATH Module enables use of OATH ready Tokens/Smartphone Apps (such as Google Authenticator) in addition to YubiKeys. A user may have both a YubiKey and Google Authenticator active at the same time, and the user can choose which to use for authentication. Some firewalls/VPN devices with artificial password length limitations (such as WatchGuard) currently do not support YubiKeys in standard mode due to password length limitations. By programming the YubiKeys to use OATH mode or adding additional OATH tokens/apps, these users and organizations can be protected with strong 2FA via GreenRADIUS.

Mobile App

The Green Rocket 2FA mobile app is available for Android and iPhone. Users receive a push notification upon a login and simply tap Approve on our app to complete the login. Our mobile app will work for all integrations with GreenRADIUS, including VPN, Windows logon, Linux servers, and websites.

PIN Module

The GreenRADIUS premium PIN Module enables organizations to use a PIN instead of a LDAP password as the first factor. The PIN is stored and managed in the GreenRADIUS server. This is useful for those organizations or customers that do not want to use LDAP passwords for RADIUS integrations, but still want to have a PIN for the first factor.

LDAP Module

The GreenRADIUS premium LDAP Module enables 2FA use with systems/products that require LDAP authentication but do not natively support 2FA. Some FIPS 140-2 enabled products limit the use of the RADIUS protocol (such as Palo Alto Networks firewalls), and in these cases, direct support for LDAP authentication is required in order to support 2FA. Note that Active Directory and other user directories are supported “out of the box” in GreenRADIUS, so that organizations can always use their network credentials as the first factor. The LDAP Module allows support for another authentication protocol in addition to the built-in RADIUS one.