Skip to main content

Radius Provider


This feature is still in technical preview, so please report any Bugs you run into on GitHub

You can configure a Radius Provider for applications that don't support any other protocols or require Radius.


This provider requires the deployment of the RADIUS Outpost

Currently, only authentication requests are supported.

Authentication flow

Authentication requests against the Radius Server use a flow in the background. This allows you to use the same policies and flows as you do for web-based logins.

The following stages are supported:

  • Identification

  • Password

  • Authenticator validation

    Note: Authenticator validation currently only supports DUO, TOTP and static authenticators.

    For code-based authenticators, the code must be given as part of the bind password, separated by a semicolon. For example for the password example-password and the code 123456, the input must be example-password;123456.

    SMS-based authenticators are not supported as they require a code to be sent from authentik, which is not possible during the bind.

  • User Logout

  • User Login

  • Deny


The RADIUS provider only supports the PAP (Password Authentication Protocol) protocol: