It is possible to configure RADIUS scenarios so that only a username is required during authentication and not a password. This is done by editing the scenario after it is first set up in the WebUI.

However, it should be noted that other forms of multi-factor authentication might still be used with such RADIUS scenarios, for example OTP, even though the password is not required.

Removing Password Checking from the Execution Flow

With RADIUS scenarios, EasyAccess cannot change the way that the client displays the request for access credentials so the password field will still be displayed, unless the client can be somehow modified. However, password authentication processing can be skipped in EasyAccess by removing the LDAPBindValve from the scenario's execution flow.

For example, assume that a RADIUS Username, Password and OneTouch has been created. Select Scenarios > RADIUS > Username, Password and OneTouch and open the scenario. Select the Execution Flow tab and then delete the valve called LDAPBindValve.

The scenario can now be saved and authentication will execute as normal (usually with some other authentication factor such as OneTouch) but without the password being checked.