Enabling RADIUS Two-Factor Authentication
Procedure
Secret Server allows the use of RADIUS two-factor authentication on top of the normal authentication process for additional security.
To configure RADIUS for the Secret Server instance:
-
Log on Secret Server with an account with "Administer Configuration" and "Administer RADIUS" permissions.
-
Navigate to Administration menu.
-
Type RADIUS in the search box and press <Enter>. The RADIUS Configuration page appears.
-
Click the Edit button.
-
Type the following as needed:
- RADIUS Login Explanation (custom message or instruction). Defaults to "Please enter your RADIUS passcode."
- RADIUS Client Port Range (default 1812)If your RADIUS server runs on the same machine as Secret Server, the client and server ports must be different.
- RADIUS Server Port (default 1812 for RSA and 1812 for AuthAnvil).
- RADIUS Server IP (IP address to your RADIUS Server). See RADIUS IP Addresses.
- Leave Use Same RADIUS Shared Secret for All Users selected.
- RADIUS Shared Secret, which must match chosen RADIUS shared secret on your RADIUS Server. (Shared Secret is a RADIUS term and not related to any Secret Server secret.)
Attempt Silent Authentication: Silent answer is a new configuration option for RADIUS that allows setting the RADIUS response to a defined string value. This is to support push notification and other interactive variations in advanced RADIUS authentication configuration. The new setting replaces "Attempt User Password" and allows for sending the user password or another predefined string. -
Click the Save button.
To test RADIUS settings:
-
Click the Test RADIUS Login button. A popup appears.
-
Type the RADIUS username and password.
-
Click the OK button.
-
After enabling RADIUS on Secret Server, you must enable RADIUS two-factor authentication for each user:
-
Sign into an account with "Administer Configuration" and "Administer RADIUS" permissions.
-
Navigate to Administration > Users. The Users page appears.
-
Select the desire user.
-
Click the Edit button.
-
Click to select the RADIUS Two Factor Authentication check box.
-
Type the username in the RADIUS Username text box.
NOTE: Secret Server defaults this value to its username. If you wish to use this default name, it must match the username on the RADIUS server.
-
Review the settings and click Save.
-
Repeat these steps for each user that needs to use RADIUS.
-
RADIUS IP Addresses
Inbound allowlisting is necessary if RADIUS authentication is configured. IP addresses:
secretservercloud.com
- 20.65.118.12 (Primary)
- 23.102.107.104 (Primary)
- 23.102.107.220 (Primary)
- 23.102.106.185 (Primary)
- 23.102.108.55 (Primary)
- 52.224.253.7 (Primary)
- 52.224.253.4 (Primary)
- 52.151.206.73 (Primary)
- 52.151.206.77 (Primary)
- 52.151.206.35 (Primary)
- 52.160.67.39 (DR)
- 52.160.67.38 (DR)
- 104.40.25.170 (DR)
- 138.91.163.99 (DR)
- 137.135.51.234 (DR)
secretservercloud.co.uk
- 20.0.46.111 (Primary)
- 51.142.243.172 (Primary)
- 20.0.46.112 (Primary)
- 20.0.46.123 (Primary)
- 20.0.46.124 (Primary)
- 51.104.62.220 (Secondary)
- 51.104.62.213 (Secondary)
- 51.104.63.38 (Secondary)
- 51.104.62.185 (Secondary)
- 51.104.62.252 (Secondary)
secretservercloud.ca
- 52.228.117.246 (Primary)
- 52.228.113.119 (Primary)
- 52.139.7.40 (Primary)
- 52.139.7.137 (Primary)
- 52.139.7.197 (Primary)
- 52.229.119.193 (DR)
- 52.229.119.89 (DR)
- 52.235.39.79 (DR)
- 52.235.39.125 (DR)
- 52.235.39.5 (DR)
secretservercloud.eu
- 20.79.64.213 (Primary)
- 20.79.65.3 (Primary)
- 20.79.226.78 (Primary)
- 20.79.226.180 (Primary)
- 20.79.226.116 (Primary)
- 20.50.180.242 (DR)
- 20.50.180.187 (DR)
- 20.50.154.28 (DR)
- 20.50.176.86 (DR)
- 20.50.156.219 (DR)
secretservercloud.com.sg
- 20.195.97.220 (Primary)
- 20.195.98.154 (Primary)
- 20.212.128.73 (Primary)
- 20.212.128.75 (Primary)
- 20.212.128.74 (Primary)
- 65.52.165.108 (DR)
- 65.52.160.251 (DR)
- 52.184.100.188 (DR)
- 52.184.101.189 (DR)
- 52.184.101.213 (DR)
secretservercloud.com.au
- 20.37.251.37 (Primary)
- 20.37.251.120 (Primary)
- 20.37.5.233 (Primary)
- 20.37.5.227 (Primary)
- 20.37.5.48 (Primary)
- 20.53.142.34 (DR)
- 20.53.142.37 (DR)
- 20.53.80.77 (DR)
- 20.53.81.216 (DR)
- 20.53.82.77 (DR)