Enabling RADIUS Two-Factor Authentication

Procedure

Secret Server allows the use of RADIUS two-factor authentication on top of the normal authentication process for additional security.

See the full RADIUS Integration Guide for additional information.

To configure RADIUS for the Secret Server instance:

  1. Log on Secret Server with an account with "Administer Configuration" and "Administer RADIUS" permissions.

  2. Navigate to Administration menu > Configuration > Login.

  3. Click the Edit button.

  4. Type the following:

    • RADIUS Server IP (IP address to your RADIUS Server). See RADIUS IP Addresses.
    • RADIUS Client Port (default 1812)
    If your RADIUS server runs on the same machine as Secret Server, the client and server ports must be different.
    • RADIUS Server Port (default 1812 for RSA and 1812 for AuthAnvil).
    • RADIUS Shared Secret, which must match chosen RADIUS shared secret on your RADIUS Server. (Shared Secret is a RADIUS term and not related to any Secret Server secret.)
    • RADIUS Login Explanation (custom message or instruction). Defaults to "Please enter your RADIUS passcode."

  5. Click the Save button.

To test RADIUS settings:

  1. Click the Test RADIUS Login button. A popup appears.

  2. Type the RADIUS username and password.

  3. Click the OK button.

  4. After enabling RADIUS on Secret Server, you must enable RADIUS two-factor authentication for each user:

    1. Sign into an account with "Administer Configuration" and "Administer RADIUS" permissions.

    2. Navigate to Administration > Users. The Users page appears.

    3. Select the desire user.

    4. Click the Edit button.

    5. Click to select the RADIUS Two Factor Authentication check box.

    6. Type the username in the RADIUS Username text box.

      NOTE: Secret Server defaults this value to its username. If you wish to use this default name, it must match the username on the RADIUS server.

    7. Review the settings and click Save.

    8. Repeat these steps for each user that needs to use RADIUS.

RADIUS IP Addresses

Inbound allowlisting is necessary if RADIUS authentication is configured. IP addresses:

secretservercloud.com

  • 20.65.118.12 (Primary)
  • 23.102.107.104 (Primary)
  • 23.102.107.220 (Primary)
  • 23.102.106.185 (Primary)
  • 23.102.108.55 (Primary)
  • 52.224.253.7 (Primary)
  • 52.224.253.4 (Primary)
  • 52.151.206.73 (Primary)
  • 52.151.206.77 (Primary)
  • 52.151.206.35 (Primary)
  • 52.160.67.39 (DR)
  • 52.160.67.38 (DR)
  • 104.40.25.170 (DR)
  • 138.91.163.99 (DR)
  • 137.135.51.234 (DR)

secretservercloud.co.uk

  • 20.0.46.111 (Primary)
  • 51.142.243.172 (Primary)
  • 20.0.46.112 (Primary)
  • 20.0.46.123 (Primary)
  • 20.0.46.124 (Primary)
  • 51.104.62.220 (Secondary)
  • 51.104.62.213 (Secondary)
  • 51.104.63.38 (Secondary)
  • 51.104.62.185 (Secondary)
  • 51.104.62.252 (Secondary)

secretservercloud.ca

  • 52.228.117.246 (Primary)
  • 52.228.113.119 (Primary)
  • 52.139.7.40 (Primary)
  • 52.139.7.137 (Primary)
  • 52.139.7.197 (Primary)
  • 52.229.119.193 (DR)
  • 52.229.119.89 (DR)
  • 52.235.39.79 (DR)
  • 52.235.39.125 (DR)
  • 52.235.39.5 (DR)

secretservercloud.eu

  • 20.79.64.213 (Primary)
  • 20.79.65.3 (Primary)
  • 20.79.226.78 (Primary)
  • 20.79.226.180 (Primary)
  • 20.79.226.116 (Primary)
  • 20.50.180.242 (DR)
  • 20.50.180.187 (DR)
  • 20.50.154.28 (DR)
  • 20.50.176.86 (DR)
  • 20.50.156.219 (DR)

secretservercloud.com.sg

  • 20.195.97.220 (Primary)
  • 20.195.98.154 (Primary)
  • 20.212.128.73 (Primary)
  • 20.212.128.75 (Primary)
  • 20.212.128.74 (Primary)
  • 65.52.165.108 (DR)
  • 65.52.160.251 (DR)
  • 52.184.100.188 (DR)
  • 52.184.101.189 (DR)
  • 52.184.101.213 (DR)

secretservercloud.com.au

  • 20.37.251.37 (Primary)
  • 20.37.251.120 (Primary)
  • 20.37.5.233 (Primary)
  • 20.37.5.227 (Primary)
  • 20.37.5.48 (Primary)
  • 20.53.142.34 (DR)
  • 20.53.142.37 (DR)
  • 20.53.80.77 (DR)
  • 20.53.81.216 (DR)
  • 20.53.82.77 (DR)