Showing results for 
Search instead for 
Did you mean: 
Create a Post

PDP/PEP Backwards Compatibility?

I am currently running a dedicated Virtual Gateway to act as the Primary PDP that supplies identity data to all the Gateways in our environment. This PDP authenticates against our Corporate Active Directory to populate users into various Access Roles. At the moment, all my Management (SMS, SmartEvent, PDP) is running R80.20. Throughout our environment, I have a mix of R80.20, R80.10 and R77.30 VSX Gateways. 

I would like to begin testing the new RADIUS Two Factor Browser-based Authentication feature that was added in R80.20. If I created another virtual Gateway with IA enabled, configured for 2FA RADIUS Authentication, would the users authenticated via 2FA work with Gateways running on older versions connected with Identity Sharing?

We still use the legacy Client Authentication access model to require users to authenticate with RSA tokens before gaining access to certain environments. I really want to get rid of this and replace it with 2FA via IA but was hoping to not have to wait until all our Gateways get upgraded.

Thanks in advance for everyone's input!


2 Replies

Re: PDP/PEP Backwards Compatibility?

Generally speaking, once identities are acquired by a possibly version-specific method, the sharing of said identities should be backward compatible.

Re: PDP/PEP Backwards Compatibility?

That is the answer I was hoping for! Thanks for confirming, I'll get to building another VM to test it!

0 Kudos