Secure External Authentication?

We have a test SFM set up in Azure and are looking for a way to secure the external authentication communication.  The LDAP server type doesn't seem to work using SSL on port 636, only clear on port 389.  The RADIUS server has no documentation on what RADIUS server settings to use, but from what I have been able to see on a Windows 2016 NPS server the SFM is requesting to use CHAP authentication, which would require storing reversible passwords in AD, so that's a no-go.

We are looking into the external authentication methods because there doesn't seem to be a way to let a user change their password without giving them full access to all the Users settings on the Administration page.

 

Any help would be appreciated.

  • An update:

    After the upgrade to SFM 17.1.0 we were able to get RADIUS to authenticate, but only using PAP authentication, so again, not ideal.

    Any way of configuring a VPN tunnel on SFM to protect this traffic, or better yet, options for secure RADIUS or LDAP?