RADIUS Wi-Fi Authentication with Multiple Domains

What if you had to manually categorize and configure every single end-user device on your network? Obviously, that would be a drain on your administrator’s time, which is why domains are absolutely essential. Domains empower administrators to organize users and devices, allowing them to apply settings from one central location rather than having to manually update every single one. Furthermore, they provide the framework for RADIUS Wi-Fi authentication by serving as directories for the RADIUS server to interface with.

But as organizations grow and merge, so do their networks. A single domain may not always be enough, leading to complex authentication schemes that must be able to bridge multiple domains. The good news is that RADIUS Wi-Fi authentication with multiple domains is certainly possible – and, as some of our customers have found, it doesn’t have to be complex.

What is Multi-Domain Authentication?

The nuances of domains can get fairly technical, but it’s simple when you picture them as directories that contain information about the users and devices on a network. (Not to be confused with Domain Name Service, which is related to websites!)

For small offices, a single domain may be enough to encapsulate the networking needs of the business. Larger companies, however, often have multiple domains to accommodate their numerous offices. Multiple domains may also occur when one business acquires another in a merger, combining two previously separate networks.

This is where the term multi-domain authentication comes into play. Multi-domain authentication is the process of authenticating multiple devices and users that belong to different domains using one RADIUS server.

In the past, this has been a complex setup requiring a proxy RADIUS for multiple domains that directs authentication requests to a separate RADIUS. You can reference the below diagram for an idea of what this setup looks like and how it works.

RADIUS-Wi-Fi-Diagram-2

Can you have multiple domains on the same network?

Yes, it is entirely possible to have multiple domains on a single network. Just above, we provided some examples of why this may be the case.

Large companies with multiple offices often have multiple domains. Additionally, multiple domains may come together when two organizations merge and combine their networks.

Can You Have Multiple RADIUS Servers?

A network can have multiple domains and multiple RADIUS servers. Historically, organizations have needed to have multiple RADIUS servers if they had multiple domains.

In this setup, you would have one proxy RADIUS server that forwards authentication requests to the correct RADIUS server for each domain. The result is a network that is shaped somewhat like a tree: the branches are the clients, the trunk is the RADIUS proxy, and the roots are the multiple RADIUS servers the proxy directs to. See the above illustration for an example of what we mean.

Can you have multiple RADIUS servers on one domain?

While not as common a setup, it’s also possible for an organization to have multiple RADIUS servers on a single domain. The question is, why would an organization do this?

We can think of one main reason: a business that has a single domain that spans multiple locations. In this scenario, the business in question could have an on-premise RADIUS server for each location.

The issue with having multiple on-premise RADIUS servers is that maintenance is tedious. You’d need to have personnel with the necessary knowledge and experience to maintain each of your servers – not to mention the physical space and security for them all.

Can You Use One RADIUS Server for Multiple Domains?

RADIUS-Wi-Fi-Diagram 1

Fortunately, you no longer need to have multiple RADIUS servers to cover your multiple domains. There are now RADIUS services that make it possible (and easy!) to utilize a single server for authentication across all your domains.

One such example is our unique and powerful Cloud RADIUS. Because it’s based in the cloud, there is no need for expensive, inconvenient, on-premise RADIUS servers. You can use Cloud RADIUS for all your locations at any time.

This cloud-based functionality is also what makes the multi-tenant aspect of our RADIUS service possible. Multiple domains – and even multiple organizations – can use Cloud RADIUS for authentication simultaneously. You can even use Cloud RADIUS in an infrastructure that includes Wi-Fi with multiple IDPs, such as in the diagram above.

Secure Wi-Fi Authentication with Multiple Domains Using Cloud RADIUS

Having multiple domains for Wi-Fi doesn’t mean you need an overly complex authentication setup, such as multiple RADIUS servers. In fact, having multiple RADIUS servers is inconvenient, expensive, and increases your attack surface.

You can simplify your authentication using Cloud RADIUS. It enables you to have a single RADIUS server for all your domain authentication needs, regardless of location. Since it’s located in the cloud, you don’t need to worry about allocating physical space for it, protecting it from on-site security threats, or hiring additional personnel to maintain it. Check out our pricing to see how affordable Cloud RADIUS authentication can be.

Amanda Tucker

Amanda is a copywriter from the beautiful (and oftentimes wild) state of Minnesota. Her passion for learning new things is demonstrated by a diverse writing portfolio and paralegal studies degree. When she's not writing for work, you can usually find her going down random research rabbit holes, playing tabletop RPGs, or listening to cybersecurity podcasts like Risky Business.

Related Post