Enabling RADIUS Two-Factor Authentication in Thyocotic Secret Server 7.0

Starting in Secret Server 7.0,  Secret Server allows the use of RADIUS two-factor authentication on top of the normal authentication process for additional security needs.

To configure RADIUS for your instance of Secret Server, follow the steps below

  1. Login to an account with Administer Configuration and Administer RADIUS permissions.
  2. Go to Administration menu, choose Configuration, and select the Login tab.
  3. You need to setup Secret Server with your RADIUS server information by going into edit mode:
    • Enable RADIUS Integration
    • RADIUS Server IP (IP address to your RADIUS Server).
    • RADIUS Client Port (default 1812, NOTE: if your RADIUS server runs on the same machine as your Secret Server, client and server ports must be different).
    • RADIUS Server Port (default 1812 for RSA and 1812 for AuthAnvil).
    • RADIUS Shared Secret (must match chosen RADIUS shared secret on your RADIUS Server). Note this is a Radius term ("Shared Secret") and is not related to any Secret Server secret.
    • RADIUS Login Explanation (custom message or instruction). Defaults to "Please enter your RADIUS passcode".
  4. Click Save button after you have confirmed your entries.
  5. To test your settings, click the Test RADIUS Login button.


After enabling RADIUS on your Secret Server, you must enable RADIUS two-factor authentication for each user. You can enable it on a per-user basis. To do so, follow the steps below:

  1. Login to an account with Administer Configuration and Administer RADIUS permissions.
  2. Go to Administration menu, choose Users, and click on the User Name of the user you wish to enable.
  3. Click on the Edit button, and check the RADIUS Two Factor Authentication box.
  4. Enter the RADIUS User Name for this user in the text box (NOTE:Secret Server defaults this value to its user name. If you wish to use this default name, it must match the user name on the RADIUS server.)
  5. Review your settings and click Save.
  6. Repeat 3-5 for each user that needs to use RADIUS.
Note: If IP Alias is being used for Secret Server, the IP address of the server will be used by RADIUS server.
Please also note that using RADIUS 'Attempt User Password' option is not supported when Integrated Windows Authentication is enabled. 
For more information please see Thyocotic Secret Server article https://support.thycotic.com/kb/a69/enabling-radius-two-factor-authentication.aspx?KBSearchID=79742


If you have any questions or need some help, we would be happy to assist. Open a case at help.scorpionsoft.com or send an email to support@scorpionsoft.com.

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section