LoginTC Integration Guide

LoginTC® provides cloud-based authentication through the RADIUS protocol. This document describes how to integrate LoginTC two-factor authentication with a WatchGuard Firebox and the WatchGuard Mobile VPN with SSL client.

LoginTC Authentication Data Flow

This diagram shows the data flow of a two-factor authentication transaction for LoginTC with the RADIUS protocol.

Platform and Software

The hardware and software used to complete the steps outlined in this document include:

  • Firebox with Fireware v11.11.4 installed
  • LoginTC Radius Connector 2.3.0

Configure LoginTC Cloud

You must create a domain for your RADIUS connector, then install and configure the RADIUS connector.

RADIUS Domain Creation

To create a LoginTC domain for your RADIUS connector:

  1. Log in to LoginTC Admin.

  1. Select Domains.

  1. Click Create your first domain.
    The Create Domain page appears.
  2. In the Name text box, type the domain name.
  3. In the Connector section, select RADIUS.
  4. In the Key Policy section, select PIN.

Install Radius Connector

  1. Download the Radius Connector from the LoginTC website at https://www.logintc.com/docs/downloads/radius-connector.html.
  2. Unzip the downloaded file and import it on your server.
    The LoginTC RADIUS Connector Configuration console appears.

  1. In the Password and Confirm Password text boxes, type the LoginTC user password.

  1. From the Appliance Options menu, select Network Configuration.
  2. In the Network Configuration section, type the IP address.

  1. From the Appliance Options menu, select DNS Configuration.
  2. In the DNS Configuration section, type the DNS address.

  1. From the Appliance Options menu, select Web Server.
  2. Select Start. It can take 30–60 seconds for the web server to start the first time.

  1. After the web server starts, access the web interface with the URL that appears in the Notice box.

Configure the RADIUS Connector

  1. Open a web browser and navigate to your LoginTC RADIUS Connector web interface URL. This is the URL from the Notice box in the LoginTC RADIUS Connector Configuration console.
  2. Type your user name and password. In our example, we use logintc-user as the user name.

  1. To create your configuration, click Create.
  2. To configure the LoginTC organization and domain to use, type the API key and domain ID.
  3. Click Test.
  4. Click Next.

  1. For First Factor, select the first authentication factor to use with LoginTC. In our example, we select RADIUS.
  2. In the Host text box, type the IP address of the RADIUS server.
  3. To specify an optional, non-standard port number for your RADIUS server, in the Port text box type the port number that your RADIUS server uses for communication.
  4. In the Secret text box, type the shared secret used by the RADIUS server and the LoginTC RADIUS Connector.
  5. Click Test.
  6. Click Next.

  1. To specify which users are challenged with LoginTC, select Static List.
  2. In the LoginTC challenge users text box, type one or more user names. In our example, we use tang as our authentication user.

  1. To configure the RADIUS client, type the RADIUS client name, IP address, and secret.

  1. Click Test to validate the configuration. Then click Save.

Test RADIUS Connector

  1. Log in to LoginTC Admin.
  2. Select Domains.
  3. Select your domain.
  4. Click Create Member.

  1. On the Create User page, in the Personal Details section, type the user name, name, and email address of the user. In our example, we type the user name tang.
  2. Click Create.

  1. Click Issue Token.

  1. Open your LoginTC mobile app and type the 10-character alphanumeric activation code. Lock the token with a PIN.

  1. After you load a token for the new user and domain, go to your LoginTC RADIUS Connector web interface URL.
  2. Click Test Configuration.

  1. Type a valid user name and password. Click Test Configuration.
    A simulated authentication request is sent to the LoginTC mobile app.

  1. Approve the request.

Configure the WatchGuard Firebox

To configure your Firebox for RADIUS authentication:

  1. Connect to your Firebox with Fireware Web UI.
  2. Select Authentication > Servers > RADIUS.

  1. On the RADIUS configuration page, type the RADIUS Connector IP address, port number, and passphrase.
  2. Click Save.

  1. Select VPN > Mobile VPN with SSL.
  2. Select the Activate Mobile VPN with SSL check box.
  3. In the Primary text box, type the IP address of your Firebox.

  1. Select the Authentication tab.
  2. Select the RADIUS check box.

  1. To add an SSLVPN-user, click Add.

  1. In the Add User or Group window, select User.
  2. Type the user name.
  3. From the Authentication Server list, select RADIUS.
  4. Click OK.
  5. Click Save.

Test the Integration

We use Mobile VPN with SSL to test the integration.

To download and configure the Mobile VPN with SSL client software from the Firebox:

  1. Go to the SSL VPN web portal at https://< Firebox IP address>.

  1. In the Username text box, type the user name that you specified in LoginTC.
  2. In the Password text box, type the password that you specified in LoginTC.
  3. From the Domain drop-down list, select RADIUS. If RADIUS is the only authentication method that you specified for Mobile VPN with SSL, the Domain drop-down list does not appear.
  4. Click Login.
    Your LoginTC mobile app receives an authentication request.
  5. In your LoginTC mobile app, tap Approve. Then type your four-digit PIN.


  1. After you successfully authenticate, the download page appears. Download the appropriate version of the VPN client for your operating system.

Mobile VPN with SSL Client Authentication

After you download and install the Mobile VPN with SSL client on your computer, you can use the same authentication process to connect to the Firebox with the Mobile VPN with SSL client.