Trustbuilder MFA by inWebo

Thycotic Secret Server - local password + inWebo RADIUS integration

The following steps are necessary to configure Thycotic Secret Server to use inWebo RADIUS servers to authenticate users with multi-factor authentication in addition to the local login / password.

How to configure inWebo to accept authentication requests issued by Thycotic Secret Server

On the inWebo management console

  • Go to the “Secure Sites” tab.

  • In the “Connectors” column, click on “Add a connector of type” and select “Radius Push”.

  • Fill in the “IP Address” field with the IP of the public interface of your device (or NAT address if behind a firewall).

  • Enter the “secret” configured previously on NPS.

  • Validate your connector configuration by pressing the “Add” or “Update” button.

Any modification made to your RADIUS configuration will be applied within the next 15 minutes.

How to configure inWebo RADIUS servers on Thycotic Secret Server

Navigate to Administration menu > Configuration > Login.

Click the Edit button at the bottom of the screen.

Check “Enable RADIUS Integration” and type the following:

  • RADIUS Login Explanation: “Leave the password blank to receive a notification on Authenticator. Or enter an OTP if your Authenticator is offline.”

  • RADIUS Server Port: 1812

  • RADIUS Server IP: 95.131.139.137

  • RADIUS Shared Secret: enter the same secret provided on the inWebo platform previously

  • Time Out: 60

Check “Enable Failover RADIUS Server”

  • Failover RADIUS Server Port: 1812

  • Failover RADIUS Server IP: 217.180.130.59

  • Failover RADIUS Shared Secret: enter the same secret provided on the inWebo platform previously

  • Failover Time Out: 60

Click the “Save” button.

To test the RADIUS settings:

  • Click the Test RADIUS Login button at the bottom of the page. A popup appears.

  • Type the RADIUS username and provide an OTP, or leave the password blank to receive a push on Authenticator.

  • Click the OK button.
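
To run the same check from the Secret Server host outside the UI, the sketch below sends one Access-Request and accepts the reply only if its Response Authenticator matches the shared secret, which separates a wrong secret from a user-level reject. It is an added example, not inWebo or Thycotic code; the function names are hypothetical, and it assumes PAP (RFC 2865 User-Password), a blank password padded to one block for the push case, and no Message-Authenticator attribute.

```python
import hashlib, hmac, os, socket, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3

def hide_password(password, secret, authenticator):
    """RFC 2865 sec. 5.2 User-Password hiding (PAP). A blank password is
    padded to one 16-byte block of NULs (assumed encoding of the push case)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(user, password, secret, ident=1, authenticator=None):
    """Access-Request carrying User-Name (1) and hidden User-Password (2)."""
    authenticator = authenticator or os.urandom(16)
    def attr(kind, value):
        return bytes([kind, len(value) + 2]) + value
    attrs = attr(1, user.encode()) + attr(
        2, hide_password(password.encode(), secret, authenticator))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs

def verify_response(response, request, secret):
    """Return the reply code only if the Response Authenticator matches;
    a mismatch means a wrong shared secret or a reply not from the server."""
    if len(response) < 20:
        raise ValueError("short reply")
    code, ident, length = struct.unpack("!BBH", response[:4])
    if length != len(response) or ident != request[1]:
        raise ValueError("reply does not match request")
    expected = hashlib.md5(
        response[:4] + request[4:20] + response[20:] + secret).digest()
    if not hmac.compare_digest(expected, response[4:20]):
        raise ValueError("bad Response Authenticator")
    return code

def radius_login_check(server, user, password, secret, port=1812, timeout=60):
    """Send one Access-Request; port and timeout default to the page's values."""
    request = build_access_request(user, password, secret)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (server, port))
        response, _ = sock.recvfrom(4096)
    return verify_response(response, request, secret)
```

A socket timeout from `radius_login_check` usually points at the connector IP address or a firewall rule rather than the user, since RADIUS servers silently drop requests from unknown clients.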

How to enforce inWebo MFA for Thycotic Secret Server users

After enabling RADIUS on Secret Server, you must enable RADIUS two-factor authentication for each user:

Sign in to an account with “Administer Configuration” and “Administer RADIUS” permissions.

Navigate to Administration > Users.

The Users page appears. Select the desired user.

Click the Edit button.

Select “Radius” as “Multifactor Authentication”.

Type the inWebo login in the RADIUS User Name text box. NOTE: This must match the inWebo login username on the RADIUS server.

Click Save.

Repeat these steps for each user that needs to use RADIUS.