Network schematic with Nexus TruID Synchronized as an example.

1. The end user starts the TruID client and enters the PIN in TruID to generate an OTP.
2. Cyberoam request the end user to enter username, password and OTP.
3. The end user enters username, domain password and OTP.
4. The domain credentials are validated by the Active Directory.
5. The OTP authentication request is relayed to Hybrid Access Gateway Authentication Server via RADIUS.
6. The authentication server validates the OTP with the associated TruID token and PIN from the user database.
7. Upon successful validation, the authentication server responds with successful authentication to Cyberoam.

Cyberoam provides access to the end user.

• Installed and deployed Hybrid Access Gateway, see 5.11 - Deploy Hybrid Access Gateway and do initial setup
• Installed Cyberoam, see https://www.cyberoam.com/

1. Log in to the Hybrid Access Gateway administration interface with your admin user.

1. In the Hybrid Access Gateway administration interface, go to Manage System.
2. Click RADIUS Configuration > Add RADIUS Client...
3. Enter General Settings and Attributes. Click the ?-sign for help.
4. Click Save.

Nexus TruID Synchronized is used as an example. Other Nexus OTP authentication methods are enabled in a similar way.

1. In the Hybrid Access Gateway administration interface, go to Manage System.
   
2. Click Authentication Methods > Add Authentication Method...

3. Select the desired method and click Next.

4. Enter Display Name, a unique name used in the system to identify the authentication method.
   
5. There are different settings that must be done depending on the selected authentication method. For more information , click the ?-sign.
6. Click Next and Finish.
7. Click Publish.

1. Log in to the Cyberoam administrative interface.

2. Navigate to Identity > Authentication > Authentication Server.

3. Click Add to configure RADIUS Server parameters as shown in the table below.

   

   Parameter	Value	Description
   Server Type	RADIUS server	Select RADIUS server. If user is required to authenticate using a RADIUS server, appliance needs to communicate with RADIUS server for authentication.
   Server Name	CR_RADIUS	Specify name to identify the RADIUS server.
   Server IP	172.16.16.18	Specify RADIUS server IP address.
   Authentication Port	1812	Specify port number through which server communicates. By default, the port is 1812.
   Shared Secret	cyberoam	Provide shared secret, which is to be used to encrypt information passed to the appliance.
   Integration Type	Tight Integration	Select Tight Integration with the appliance if you want to use vendor specific attribute for setting the user group membership and specify group name attribute.
   Group Name Attribute	Filter-Id	Group name attribute is vendor specific.

4. Click Test Connection to check if Cyberoam is able to connect to the RADIUS Server.

5. Cyberoam prompts for administrative credentials to test the connection as shown below. Enter the credentials and click Test Connection. If connection is successful, click OK to save the configuration.

6. Go to Identity > Authentication > Firewall.

7. Select RADIUS Server as primary authentication server.
   

8. Click Apply to save configuration.

1. Start Nexus TruID that is installed on your laptop or smartphone - Enter your PIN to generate an OTP.
   
   

2. Enter Key-In domain login id and password along with Nexus TruID OTP.