Thycotic Secret Server - local password + inWebo RADIUS integration
The following steps are necessary to configure Thycotic Secret Server to use inWebo RADIUS servers to authenticate users with multi-factor authentication in addition to the local login / password.
How to configure inWebo to accept authentication requests issued by Thycotic Secret Server
On the inWebo management console
Go to the “Secure Sites” tab.
In the “Connectors” column, click on “Add a connector of type” and select “Radius Push”.
![](../__attachments/2912355284/image-20201002-150042.png?inst-v=cb31dd01-2a8f-4db0-b1a0-efe269175672)
Fill in the “IP Address” field with the IP of the public interface of your device (or NAT address if behind a firewall).
Enter the “secret” configured previously on NPS.
Validate your connector configuration by pressing the “Add” or “Update” button.
![](../__attachments/2912355284/image-20201002-150525.png?inst-v=cb31dd01-2a8f-4db0-b1a0-efe269175672)
Any modification made to your RADIUS configuration will be applied within the next 15 minutes.
How to configure inWebo RADIUS servers on Thycotic Secret Server
Navigate to Administration menu > Configuration > Login.
![](../__attachments/2912355284/image-20210414-181906.png?inst-v=cb31dd01-2a8f-4db0-b1a0-efe269175672)
Click the Edit button at the bottom of the screen.
Check “Enable RADIUS Integration” and type the following:
RADIUS Login Explanation: “Leave the password blank to receive a notification on Authenticator. Or enter an OTP if your Authenticator is offline.”
RADIUS Server Port: 1812
RADIUS Server IP: 95.131.139.137
RADIUS Shared Secret: enter the same secret provided on the inWebo platform previously
Time Out: 60
Check “Enable Failover RADIUS Server”
Failover RADIUS Server Port: 1812
Failover RADIUS Server IP: 217.180.130.59
Failover RADIUS Shared Secret: enter the same secret provided on the inWebo platform previously
Failover Time Out: 60
Click the “Save” button.
![](../__attachments/2912355284/image-20210414-182157.png?inst-v=cb31dd01-2a8f-4db0-b1a0-efe269175672)
To test the RADIUS settings:
Click the Test RADIUS Login button at the bottom of the page. A popup appears.
Type the RADIUS username and provide an OTP, or leave the field blank to receive a push on Authenticator.
Click the OK button.
How to enforce inWebo MFA for Thycotic Secret Server users
After enabling RADIUS on Secret Server, you must enable RADIUS two-factor authentication for each user:
Sign in to an account with “Administer Configuration” and “Administer RADIUS” permissions.
Navigate to Administration > Users.
![](../__attachments/2912355284/image-20210414-183033.png?inst-v=cb31dd01-2a8f-4db0-b1a0-efe269175672)
The Users page appears. Select the desired user.
Click the Edit button.
![](../__attachments/2912355284/image-20210414-190313.png?inst-v=cb31dd01-2a8f-4db0-b1a0-efe269175672)
Select “Radius” as “Multifactor Authentication”.
Type the inWebo login in the RADIUS User Name text box. NOTE: This must match the inWebo login username on the RADIUS server.
![](../__attachments/2912355284/image-20210414-190851.png?inst-v=cb31dd01-2a8f-4db0-b1a0-efe269175672)
Click Save.
Repeat these steps for each user that needs to use RADIUS.