Thycotic Secret Server - local password + inWebo RADIUS integration

The following steps are necessary to configure Thycotic Secret Server to use inWebo RADIUS servers to authenticate users with multi-factor authentication in addition to the local login / password.

How to configure inWebo to accept authentication requests issued by Thycotic Secret Server

On the inWebo management console

  • Go to the “Secure Sites” tab.

  • In the “Connectors” column, click on “Add a connector of type” and select “Radius Push”.

  • Fill in the “IP Address” field with the IP of the public interface of your device (or NAT address if behind a firewall).

  • Enter the “secret” configured previously on NPS.

  • Validate your connector configuration by pressing the “Add” or “Update” button.

Note: “Any configuration or modification made to your RADIUS connector will be applied at the start of the next hour”.

How to configure inWebo RADIUS servers on Thycotic Secret Server

Navigate to Administration menu > Configuration > Login.

Click the Edit button at the bottom of the screen.

Check “Enable RADIUS Integration” and type the following:

  • RADIUS Login Explanation: “Leave the password blank to receive a notification on Authenticator. Or enter an OTP if your Authenticator is offline.”

  • RADIUS Server Port: 1812

  • RADIUS Server IP: 95.131.139.137

  • RADIUS Shared Secret: enter the same secret provided on the inWebo platform previously

  • Time Out: 60

Check “Enable Failover RADIUS Server”

  • Failover RADIUS Server Port: 1812

  • Failover RADIUS Server IP: 217.69.22.59

  • Failover RADIUS Shared Secret: enter the same secret provided on the inWebo platform previously

  • Failover Time Out: 60

Click the “Save” button.

To test the RADIUS settings:

  • Click the Test RADIUS Login button at the bottom of the page. A popup appears.

  • Type the RADIUS username and provide an OTP, or leave the password blank to receive a push on Authenticator.

  • Click the OK button.
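The same settings can be checked from a script. The following is an added example, not inWebo or Thycotic code: a minimal RFC 2865 client that sends one Access-Request (blank password for a push, or an OTP) and accepts the reply only if its Response Authenticator was computed with the shared secret. The function names and the NAS-Identifier value are assumptions.

```python
import hashlib, hmac, os, socket, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(16, -(-len(password) // 16) * 16)   # blank password -> 16 NULs
    padded, out, prev = password.ljust(size, b"\x00"), b"", authenticator
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(user, password, secret, ident=None, authenticator=None):
    """Return (packet, request_authenticator). Omits Message-Authenticator."""
    authenticator = authenticator or os.urandom(16)
    ident = os.urandom(1)[0] if ident is None else ident
    attrs = b""
    for typ, val in ((1, user.encode()),                       # User-Name
                     (2, hide_password(password.encode(), secret, authenticator)),
                     (32, b"secret-server-check")):            # NAS-Identifier (assumed)
        attrs += struct.pack("!BB", typ, len(val) + 2) + val
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs, authenticator

def response_is_authentic(resp: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Response Authenticator = MD5(code+id+length + request_auth + attrs + secret)."""
    if len(resp) < 20:
        return False
    length = struct.unpack("!H", resp[2:4])[0]
    if not 20 <= length <= len(resp):
        return False
    resp = resp[:length]
    expected = hashlib.md5(resp[:4] + request_auth + resp[20:] + secret).digest()
    return hmac.compare_digest(expected, resp[4:20])

def radius_login(server, user, password, secret, port=1812, timeout=60):
    """Send one Access-Request; True on an authentic Access-Accept."""
    packet, auth = build_access_request(user, password, secret)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server, port))
        resp, _ = sock.recvfrom(4096)
    if resp[1:2] != packet[1:2] or not response_is_authentic(resp, auth, secret):
        raise ValueError("reply not signed with the configured shared secret")
    return resp[0] == ACCESS_ACCEPT
```

Run `radius_login` from the host whose IP is registered in the inWebo connector, passing the shared secret as bytes; a request from any other address will not match the connector.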

How to enforce inWebo MFA for Thycotic Secret Server users

After enabling RADIUS on Secret Server, you must enable RADIUS two-factor authentication for each user:

Sign in to an account with “Administer Configuration” and “Administer RADIUS” permissions.

Navigate to Administration > Users.

The Users page appears. Select the desired user.

Click the Edit button.

Select “Radius” as “Multifactor Authentication”.

Type the inWebo login in the RADIUS User Name text box. NOTE: This must match the inWebo login username on the RADIUS server.

Click Save.

Repeat these steps for each user that needs to use RADIUS.