Want to learn the best practice for configuring Chromebooks with 802.1X authentication?

Sign up for a Webinar!

Authenticating Guest Users for VPN with Azure AD B2B and SecureW2

Cross-organization collaboration can be tricky for the IT department because they need to make sure the partner’s security policies match their own, then create temporary guest user accounts and ensure they are disabled once the collaboration is complete.

If these boxes aren’t checked, that leaves a major gap in an organization’s network security. Luckily, organizations can leverage Azure AD B2B to easily allow cross-organization access to applications and network infrastructure.

What is Azure AD B2B?

If two organizations want to collaborate, and they both have Azure AD tenants, then they can use Azure AD B2B to share resources and applications. One organization can invite users from another Azure AD tenant and the users can login with their own AD credentials.

With this method, there’s no need for network administrators to create temporary accounts for guest users.

Authenticating Guest Users For VPN Accessazure ad b2b vpn radius

Due to the Covid-19 pandemic, organizations all over the world have shut down their workplaces and are enacting remote work orders. Since employees still need to access their networks, organizations have configured VPNs to securely connect remote workers to network systems and resources.

However, there’s also been a dramatic increase in phishing attacks capitalizing off people’s fears of the pandemic. Unfortunately, VPNs are vulnerable to phishing attacks. Malicious actors can pretend to be a VPN provider claiming the victim’s account is compromised and they need to reset their password.

Passwords are not an effective form of security and any application that is set up with credential-based authentication can easily be compromised. Credentials are often shared among colleagues and credential-based authentication protocols suffer from well-known exploitations.

Although Azure AD B2B removes the need to create and manage accounts for guest users, both collaborator networks are still at risk as long as they authenticate users with credentials. To eliminate the risk, Azure AD admins can integrate with a PKI Service like SecureW2 and use a RADIUS server to securely authenticate users.

Configuring RADIUS to Authenticate Guest Users for VPN

The RADIUS protocol greatly improves network security because it connects remote servers to a centralized server to authenticate and authorize users for network access. VPN servers and firewalls can be configured to use RADIUS servers to authenticate users for access, drastically improving network authentication security.

SecureW2’s CloudRADIUS improves upon the standard RADIUS protocol because it eliminates over-the-air credential theft with certificate-based EAP-TLS authentication. CloudRADIUS is built to run on digital certificates, which can replace passwords as a form of user authentication. It comes with a managed Public Key Infrastructure (PKI) which admins can use to easily provision a certificate to every network device and server.

With SecureW2’s Managed PKI and CloudRADIUS solutions, organizations can implement certificate-based VPN access in under an hour. You can finally rest assured knowing only approved users can access the network.

Enforce Policies to Guest Users with Dynamic CloudRADIUScloud radius azure ad b2b

SecureW2’s CloudRADIUS is powered by our proprietary Dynamic Policy Engine which revolutionizes the way organizations authenticate users and enforce policies. Dynamic CloudRADIUS operates in fundamentally the same way as regular certificate-based RADIUS, but it has one extra step: the RADIUS server references the entity’s directory entry during authentication, both to confirm that the entity is authorized for access and to dynamically enforce policies based on user attributes.

Instead of certificates storing the information necessary for policy enforcement, that data can be stored in the directory. Dynamic CloudRADIUS can then check the directory and make policy decisions regarding user privileges, a method that is more secure and easier to manage. All the benefits of historical LDAP authentication, with none of the password-related risks.

Secure VPN Authentication with CloudRADIUS

Azure admins can integrate SecureW2’s CloudRADIUS into their networks to ensure strong authentication and implement identity-driven policies to further increase network security. Want to learn more about our solutions? Contact us today and we can get you set up with everything you need to make sure your users won’t fall victim to attacks while authenticating to their VPN. Check out our affordable pricing for organizations of all sizes.

Tags: azure
Learn about this author

Sam Metzler

Sam (aka Slammin Salmon, Street Hustler Sam, Samilstilskin) is a copywriter within the marketing team and a man of many nicknames. He has a degree in Marketing from the University of North Texas with previous experience in mortgage marketing and financial services.

Authenticating Guest Users for VPN with Azure AD B2B and SecureW2