RADIUS Translation

RADIUS translation provides mapping from LDAP attribute values or Entra ID group IDs to RADIUS attributes. Specified user attributes are translated to RADIUS attributes that are included in the RADIUS Access Accept that Mideye returns to the RADIUS client (VPN concentrator or firewall). For example, group membership can be translated to corresponding Class attribute values that the RADIUS client can use to determine user authorization levels.

To enable RADIUS Translation, mark the corresponding checkbox in the user repository configuration (LDAP profile or Azure Active Directory).

Below is the location of said checkbox for LDAP:

And here is the location of the checkbox for Azure:

Then create translation rules for the various attribute values and/or group IDs:

LDAP attribute values can be specified with Java regular expressions, e.g. .*VPNusers.*. If full group names are to be translated, it is recommended to copy them from the directory admin tool to avoid typos - the translation is both blank space and case sensitive.

LDAP attributes and Entra ID group IDs can be translated to arbitrary standard RADIUS attributes or vendor specific attributes. If a vendor or vendor specific attribute is missing in the list, it can be added in the 'Vendor Specific Attributes' menu.