Request Demo
Features Use Cases About Documentation Contact Request Demo

Quick Start Guide

Get Warden up and running in 10 minutes or less

Welcome to Warden! This guide walks you through the essential steps to get your first authentication working. By the end, you'll have users authenticating through your network devices using Warden's RADIUS service.

VM Appliance Quick Start (macOS)

Running Warden as a VM appliance on macOS? Here's the fastest path to get started:

  1. Prerequisites: Install VMware Fusion 25H2 or newer
  2. Import: Unzip the appliance package and double-click the .vmx file
  3. Network: Configure VM network settings as needed (bridged mode recommended for LAN access)
  4. Boot & Configure: Start the VM, press 2 for network config, then 2 again for DHCP
  5. Wait: Allow ~15 seconds for background services to initialize
  6. Access: Browse to the displayed IP address, accept the self-signed certificate, and complete the setup wizard
help_outline The setup wizard guides you through initial configuration. Press ? on any page for detailed contextual help.

Before You Start

  • Warden is installed and you can access the web interface
  • You know the IP address of your network device (switch, AP, firewall)
  • You have credentials for a user in your directory (AD, LDAP, etc.)
  • Your network device supports RADIUS authentication
First boot? If you see a "Please Wait" screen after installation, Warden is still starting its services. This typically takes 30-60 seconds on first boot. The setup wizard will appear automatically once ready.
1
Add an Identity Provider ~2 minutes

First, tell Warden where your users live. Navigate to My Providers and click Add Provider.

For most organizations, you'll choose one of these:

  • LDAP - For Active Directory or OpenLDAP servers
  • Azure AD - For Microsoft 365 / Azure Active Directory
  • Google Workspace - For Google-based organizations
Just testing? Create a Local identity provider and add users manually - no external directory needed.
2
Test the Connection ~1 minute

Before going further, verify Warden can reach your identity provider. Click the menu (⋮) next to your provider and select Test Connection.

Enter a real username and password from your directory. You should see a success message with the user's details.

Connection failed? Check our LDAP troubleshooting guide. Most issues are firewall rules or service account permissions.
3
Create a Policy ~2 minutes

Policies define how authentication works. Go to Policies and click Create Policy.

At minimum, you need to:

  1. Give your policy a name (e.g., "Standard Access")
  2. Add your identity provider to the authentication chain
  3. Save the policy

That's enough to get started! You can add 2FA requirements, time restrictions, and RADIUS attributes later.

Want VLAN assignment? Check out Response Attributes after you've verified basic authentication works.
4
Register Your Network Device ~2 minutes

Now tell Warden about the device that will send authentication requests. Go to Hosts and click Add Host.

Enter:

  • Name - A friendly name (e.g., "Lobby Switch")
  • IP Address - The device's IP (this is how Warden identifies it)
  • RADIUS Secret - A shared password (you'll use this same secret on the device)
  • Policy - Select the policy you just created
Use a strong, randomly-generated RADIUS secret. Avoid dictionary words or simple patterns.
5
Configure Your Network Device ~3 minutes

On your switch, access point, or firewall, configure RADIUS authentication:

  • RADIUS Server IP - Warden's IP address
  • Authentication Port - 1812 (standard RADIUS)
  • Accounting Port - 1813 (if using accounting)
  • Shared Secret - Same secret you entered in Warden
Using push-based 2FA? Set the RADIUS timeout to 60-90 seconds. Default timeouts (usually 5-10 seconds) are too short for users to respond to push notifications.
6
Test Authentication ~1 minute

You're ready! Try authenticating through your network device using a real user account.

It worked? Congratulations! You've got Warden up and running. Explore the other documentation sections to learn about advanced features.
Something went wrong? Head to NAC Tracer to see exactly what happened during the authentication attempt.

What's Next?

Now that basic authentication is working, here are some things you might want to explore:

Add Two-Factor Authentication

Require TOTP codes or push notifications for extra security
Configure VLAN Assignment

Return VLAN IDs based on user groups
Organize with Host Groups

Group similar devices for easier management
Configure Backups

Automatic daily backups enabled by default