Enterprise Network Authentication

KeyGrid RADIUS Server

Enterprise-grade RADIUS authentication server with native KeyGrid PKI integration, EAP-TLS certificate-based authentication, LDAP/Active Directory support, MAC Authentication Bypass for IoT devices, and RadSec encrypted transport. Built for modern network security.

Native KeyGrid PKI Integration: Seamless certificate-based authentication with automatic OCSP validation and CRL checking

Enterprise Authentication Platform

Complete RADIUS solution with advanced EAP methods, policy engine, and seamless PKI integration

Certificate-Based Authentication

Enterprise-grade EAP-TLS authentication with seamless PKI integration

  • EAP-TLS (RFC 5216)
  • EAP-TTLS tunneled auth
  • PEAP with MSCHAPv2
  • Client certificate validation

802.1X Network Access Control

Secure wired and wireless network access with dynamic policy enforcement

  • Port-based authentication
  • Dynamic VLAN assignment
  • Network segmentation
  • Real-time policy evaluation

RadSec & RadSec Proxy

Encrypted RADIUS communication with full proxy support for cross-network authentication

  • TLS 1.2/1.3 encryption
  • RadSec proxy forwarding
  • Certificate-based trust
  • Mutual authentication

LDAP & Active Directory

Native integration with enterprise directory services for user and group management

  • Active Directory support
  • LDAP user authentication
  • Group-based policies
  • Automatic group sync

MAC Authentication Bypass

Secure network access for devices without 802.1X supplicants

  • IoT device support
  • Printer authentication
  • MAC address allowlists
  • Fallback from 802.1X

Change of Authorization (CoA)

Dynamic session control with RFC 5176 support for real-time policy updates

  • Session disconnect
  • Re-authentication trigger
  • Dynamic VLAN change
  • Attribute updates

RADIUS Proxy & Federation

Route authentication requests across realms and federated identity providers

  • Realm-based routing
  • Load balancing
  • Failover support
  • eduroam compatible

High-Performance Engine

Optimized for high-throughput enterprise authentication workloads

  • 10,000+ auth/second
  • Sub-50ms latency
  • Connection pooling
  • Horizontal scaling

Observability & Accounting

Full observability with OpenTelemetry, session tracking, and audit logging

  • OpenTelemetry tracing
  • Prometheus metrics
  • Session accounting
  • Structured audit logs

Supported Authentication Methods

Industry-standard EAP methods with enterprise-grade security

EAP-TLS

Certificate-based mutual authentication

Security: Highest

EAP-TTLS

Tunneled authentication with inner methods

Security: High

PEAP

Protected EAP with MSCHAPv2

Security: High

MAB

MAC Authentication Bypass for IoT devices

Security: Medium

RadSec

RADIUS over TLS with proxy support

Security: Highest

CoA/DM

Change of Authorization & Disconnect Messages

Security: High

Enterprise Use Cases

Secure authentication for every network access scenario

Enterprise Wireless

Secure corporate Wi-Fi with certificate-based 802.1X authentication

  • WPA2/WPA3 Enterprise
  • Per-user VLAN assignment
  • Guest network isolation
  • Device posture checks

Wired Network Security

Port-based access control for switches and network infrastructure

  • Switch port authentication
  • Dynamic ACLs
  • Network segmentation
  • Rogue device prevention

IoT & Device Authentication

MAC Authentication Bypass for printers, IoT devices, and legacy equipment

  • MAC allowlist management
  • Device profiling
  • Automatic VLAN placement
  • Fallback from 802.1X

VPN Authentication

Strong authentication for remote access and site-to-site VPNs

  • IPsec/IKEv2 integration
  • Certificate authentication
  • Multi-factor support
  • Session management

Active Directory Integration

Leverage existing AD/LDAP infrastructure for user and group authentication

  • LDAP bind authentication
  • Group-based VLAN assignment
  • Nested group support
  • Cached credentials

Cloud-Native NAC

Modern network access control for hybrid and cloud environments

  • Kubernetes deployment
  • Auto-scaling
  • Multi-region support
  • Cloud HSM integration

Flexible Policy Engine

Dynamic Access Policies

Fine-grained network access control with real-time policy evaluation

User-Based Policies

Authentication decisions based on user identity, group membership, and certificate attributes

  • Username matching
  • Group membership
  • Certificate subject/issuer
  • Time-of-day rules

Device-Based Policies

Network access policies based on device type, MAC address, and compliance status

  • MAC address filtering
  • Device type detection
  • Certificate validation
  • NAS identification

Dynamic Attributes

Return custom RADIUS attributes for network device configuration

  • VLAN assignment
  • Session timeouts
  • Bandwidth limits
  • Filter assignments

Ecosystem & Integrations

Native integration with the KeyGrid platform and modern infrastructure

KeyGrid PKI (Native) - Native certificate authority integration
Active Directory (Native) - Enterprise directory and group integration
LDAP (Native) - Standard LDAP directory service support
OpenTelemetry (Native) - Distributed tracing and observability
OCSP/CRL (Integrated) - Real-time certificate validation
Prometheus (Built-in) - Metrics and monitoring
PostgreSQL (Native) - Session and accounting storage
Kubernetes (Helm Charts) - Cloud-native deployment

Performance Specifications

Built for enterprise-scale network authentication workloads

  • Authentication Rate: 10,000+ auth/sec
  • Response Latency: <50ms p99
  • Concurrent Sessions: 100K+ sessions
  • Availability: 99.99% uptime

Architecture Highlights

Modern, cloud-native architecture designed for reliability and scale

Core Components

RADIUS Engine - High-performance authentication processing
EAP Framework - EAP-TLS, PEAP, TTLS, and MAB handlers
LDAP/AD Connector - Directory service integration
Policy Engine - Real-time access decision making
CoA/DM Handler - Dynamic session control (RFC 5176)
Proxy & Realm Router - Federation and request routing
RadSec Proxy - Secure TLS proxy forwarding
PKI Client - Certificate validation & OCSP
OpenTelemetry - Distributed tracing & metrics

Deployment Options

Kubernetes - Helm charts for cloud deployment
Docker - Multi-architecture container images
Bare Metal - Native binary for on-premises
High Availability - Active-active clustering
Auto-Scaling - Horizontal pod autoscaling

Secure Your Network Access

Deploy enterprise-grade RADIUS authentication with certificate-based security. Native KeyGrid PKI integration ensures seamless certificate lifecycle management.