Showing results for 
Search instead for 
Did you mean: 

Authentication: Failback to local authentication?

Not applicable

Authentication: Failback to local authentication?


I've recently had a scenario where a customer wants to implement RADIUS-based authentication, but would like to fallback to a LOCAL (i.e. on-box) authentication if and when the RADIUS is unavailable.

The PCS is replacing their old Cisco box and they are not willing to remove this feature.

To detail a bit:
- users only connect using Pulse Secure Client on Windows or Mac
- users only use a single URL
- users authenticate using username/password
- credentials must be validated against a list of radius servers
* IF no radius replies, PCS must run the credentials against the internal database; no other external requests must be made
* local authentication should NEVER be available if radius server(s) is(are) functional (i.e. port open, replies coming for each request)

This final two points (with a *) have posed a bit of a problem, as there does not seem to be a way to select a second fallback authentication method.

Can PCS do this? If so, how?

Thanks in advance!

Re: Authentication: Failback to local authentication?

No, the PCS does not have this capability. I would recommend contacting your account team to work with the product management team to investigate this option as it is a deal-killer and Cisco has it.