How RADIUS Configuration Works with Junos Scope

This section provides an overview of how Junos Scope RADIUS configuration works to enable remote users with RADIUS accounts to log in with appropriate permissions. The general sequence is as follows:

  1. The RADIUS server administrator configures the RADIUS server(s) with Juniper Networks vendor-specific RADIUS attributes and user account records. (See Configuring the RADIUS Server.)
  2. The RADIUS administrator ensures that all RADIUS servers are up and running.
  3. The Junos Scope software administrator logs in to Junos Scope with superuser permissions, and adds the RADIUS server host information in Junos Scope. (See Setting Up RADIUS Configuration in Junos Scope.)
  4. The Junos Scope administrator adds local and remote template accounts as needed in Junos Scope. (See Configuring RADIUS Local and Remote Template Accounts in Junos Scope.)
  5. A user with a RADIUS account logs in to the Junos Scope software with username and password.
  6. The Junos Scope software forwards a request to the RADIUS server to authenticate the user’s login name.
  7. If authentication succeeds, the RADIUS server returns the local username attribute to the Junos Scope software.
  8. The template account (user) set up in Junos Scope determines the user group to which the RADIUS user belongs after log in.
  9. The user logs in successfully with Junos Scope permissions derived from the least restrictive permission levels of all user groups to which the user belongs.