Thycotic Secret Server - local password + inwebo Radius integration
The following steps are necessary to configure Thycotic Secret Server to use inWebo RADIUS servers to authenticate users with multi-factor authentication in addition to the local login / password.
How to configure inWebo to accept authentication requests issued by Thycotic Secret Server
On the inWebo management console
go the “Secure Sites” tab
in the “Connectors” column click on “Add a connector of type” and select “Radius Push”
Fill in the “IP Address” field with the IP of the public interface of your device (or NAT address if behind a firewall).
Enter the “secret” configured previously on NPS.
Validate your connector configuration by pressing “Add” or “Update” button.
Any modification made to your radius configuration will be applied within the next 15 minutes.
How to configure inWebo RADIUS servers on Thycotic Secret Server
Navigate to Administration menu > Configuration > Login.
Click the Edit button at the bottom of the screen.
Check “Enable RADIUS Integration” and type the following:
RADIUS Login Explanation: “Leave the password blank to receive a notification on Authenticator. Or enter an OTP if your Authenticator is offline.”
RADIUS Server Port :1812
RADIUS Server IP : 220.127.116.11
RADIUS Shared Secret: enter that same secret provided on the inWebo platform previously
Time Out: 60
Check “Enable Failover RADIUS Server”
Failover RADIUS Server Port: 1812
Failover RADIUS Server IP: 18.104.22.168
Failover RADIUS Shared Secret: enter that same secret provided on the inWebo platform previously
Failover Time Out: 60
Click the “Save” button.
To test the RADIUS settings:
Click the Test RADIUS Login button at the bottom of the page. A popup appears.
Type the RADIUS username and provide an OTP or leave blank to receive a push on Authenticator.
Click the OK button.
How to enforce inWebo MFA for Thycotic Secret Server users
After enabling RADIUS on Secret Server, you must enable RADIUS two-factor authentication for each user:
Sign into an account with “Administer Configuration” and “Administer RADIUS” permissions.
Navigate to Administration > Users.
The Users page appears. Select the desire user.
Click the Edit button.
Select “Radius” as “Multifactor Authentication”.
Type the inWebo login in the RADIUS User Name text box. NOTE: This must match the inWebo login username on the RADIUS server.
Repeat these steps for each user that needs to use RADIUS.