Passport provides authentication services for secure network access with a very high degree of functionality and configurability:
- RADIUS authentication and accounting supporting multiple authentication methods (PAP, CHAP, MSCHAP, MACHAPv2, MD5, GTC, TTLS, PEAP and TLS).
- Multiple authentication profiles.
- Optional authorization and session policies with support of session control through Change of Authorization (CoA) functionality.
- HTTPS login portals.
- User auto registration portals with optional contact authorization.
- Client hardware address caching.
- Certification authorities for certificate based authentication (TLS).
- HTTPS enrollment portals for certificate based authentication (TLS) client auto provisioning.
- Trends. Long term authentication, performance and traffic reports.
- Extensive help with application examples for Aruba, Fortinet and AirPort access devices.
it is possible to set very complex configurations entirely from the graphical user interface.
Multiple authentication profiles allow to provide different authentication services simultaneously. Each profile can use several user identity databases to authenticate and authorize network clients. Identity sources include local user databases, local Certification Authorities and external LDAP servers.
Authentication profile establish RADIUS authentication services with particular characteristics and can additionally define an HTTPS authentication portals.
Profiles optionally establish authorization and session policies with support of session control through Change of Authorization (CoA) functionality. Policies can check RADIUS attributes, session parameters and client device type.
Authentication portals provide layer 3 authentication in which the user enters their credentials using its web browser to get access to the network. To automate the process of the user account creation, user auto registration with optional contact authorization is available.
Authentication portals are normally used to implement guest access. Client hardware address authentication can be enabled to prevent customers from having to re-authenticate during a period of time.
Digital identities generated by local Certification Authorities (CA's) are used to implement certiticate based authentication (TLS).
To automate the distribution and installation of the digital identities to the client devices, each CA can define an enrollment portal to provide client auto provisioning.
Authentications and sessions are shown in real time and you can get detailed information about the authentication method, the identity database used to authenticate the user and session data obtained through RADIUS accounting received from the access device such as the client IP address and the download and upload traffic.
Additionally, the request, reply and session RADIUS attributes can be examined for debugging.