Start by giving the scenario a friendly name and description. Then click Next. 

Enter a search filter. This will be used to locate the authenticating user.  Configure the search base by browsing through clicking "Choose" or manually enter the search base root. None of the values may be blank.

Example to login using email as username:

mail={{request.User-Name}}

This following example will only allow users that are member of the OTP-GROUP and title starting with Manager.

(&(sAMAccountName={{request.User-Name}})(memberof=cn=OTP-GROUP,ou=groups,dc=phenixid,dc=local)(title=Manager*))

Select existing or create new RADIUS server.

To create a new RADIUS server, follow the steps in the RADIUS connection guide.

The Radius Client will be the IP address allowed by the system to use this listener/connection.

So set the IP address of the application secured by PhenixID server two-factor authentication. As well as the secret corresponding to the application.

Attribute selector will be used if the application has the possibility to allow the users to choose different authentication methods, for instance SMS or OATH.

This value can be either exact match, 44=SMS, or a regular expression, 44=^.*Token.*$, any string containing the word Token.

In the example above the value 44 is the RADIUS attribute containing the selector, but the RADIUS attribute can be different depending on the application.

Click Create to complete the scenario.

After a couple of seconds the RADIUS server is ready to handle incoming authentication requests.

Additional configuration or deletion is done by expanding the heading and clicking the desired name of what needs to be edited.