Keep the keys to the kingdom safe by adding two-factor authentication to your privileged access management server.

Thycotic Secret Server is a privileged access management software solution that manages passwords and secrets for administrators and other users.  While there is some overlap with WiKID's two-factor authentication capabilities for administrators, Thycotic is focused on access management, compliance and integration with applications.

If you're going to put all your eggs in one basket, you had better protect that basket, though.  Luckily, it is simple to add two-factor authentication to Thycotic's Secret Server - Professional Edition using RADIUS.

On the Thycotic Secret Server, click on the Admin link and then the Login tab.  At the bottom of the page, click Edit. 

[Screenshot: Thycotic Secret Server two-factor authentication]

Enter a helpful login explanation and the IP address of your WiKID Server.  Enter the Shared Secret that you will also enter on the WiKID server.  Click Save.

Go back to the Admin link and click on Users in the dropdown.  You have to manually edit every user that you want to use two-factor authentication.  Click on a user and then Edit. 

[Screenshot: Two-factor by user]

Click Save and do the same for any other users.

On the WiKID server, you just need to add the Thycotic Secret Server as a Network Client (and register the user's tokens).

[Screenshot: Thycotic to WiKID for 2FA RADIUS]

Give the Network Client a name and enter the IP Address of the Thycotic Secret Server.  Select RADIUS as the protocol and choose a WiKID domain for this setup.

[Screenshot: RADIUS shared secret]

Enter the same shared secret as you did on the Thycotic Server and click Add NC.  You will need to run 'wikidctl restart' because RADIUS caches a lot of information.
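
Why the shared secret has to be identical on both servers, shown as an added example (not code from WiKID or Thycotic): it implements the User-Password hiding and Response Authenticator calculations from RFC 2865 and simulates one exchange with matching and mismatching secrets. The passcode, secrets and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

def _mask(secret: bytes, prev: bytes) -> bytes:
    return hashlib.md5(secret + prev).digest()

def hide_passcode(passcode: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Client side: build the User-Password attribute value (RFC 2865, 5.2)."""
    if not 1 <= len(passcode) <= 128:
        raise ValueError("User-Password must be 1 to 128 bytes")
    padded = passcode + b"\x00" * (-len(passcode) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], _mask(secret, prev)))
        out += prev
    return out

def recover_passcode(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: undo the hiding with the server's copy of the secret."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(block, _mask(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def response_auth(code: int, ident: int, attrs: bytes,
                  request_auth: bytes, secret: bytes) -> bytes:
    """Response Authenticator: MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = bytes([code, ident]) + (20 + len(attrs)).to_bytes(2, "big")
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def simulate(client_secret: bytes, server_secret: bytes,
             passcode: bytes = b"482913"):  # constructed sample passcode
    """Return (server saw the real passcode, client accepts the reply)."""
    request_auth = os.urandom(16)  # Request Authenticator, fresh per request
    hidden = hide_passcode(passcode, client_secret, request_auth)
    seen = recover_passcode(hidden, server_secret, request_auth)
    # Reply (code 2 = Access-Accept, no attributes) is bound to the server's secret.
    sent = response_auth(2, 1, b"", request_auth, server_secret)
    expected = response_auth(2, 1, b"", request_auth, client_secret)
    return seen == passcode, hmac.compare_digest(sent, expected)

if __name__ == "__main__":
    print(simulate(b"same-secret", b"same-secret"))   # secrets match
    print(simulate(b"same-secret", b"Same-secret"))   # one-character mismatch
```

With a mismatch the server decodes garbage instead of the passcode and the client cannot validate the reply, so a typo in either field shows up as failed logins. This MD5-derived keystream is also the only protection the passcode has on the wire, so the shared secret should be long and random.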

That's it.  The WiKID one-time passcode will now be required to log in.  Note that Thycotic is set up to treat RADIUS authentication like 'two-step authentication'.  This means that on the first screen, you log in with your Thycotic username and password:

[Screenshot: Thycotic Secret Server login]

After that, you will be prompted for the one-time passcode:

 

Enter your WiKID one-time passcode here. 

Thycotic has a free thirty-day evaluation, just like WiKID, so you can test both before purchase.

Copyright © WiKID Systems, Inc. 2017 | Two-factor Authentication