RADIUS User Authentication

Secret Server allows the use of Remote Authentication Dial-In User Service (RADIUS) two-factor authentication on top of the normal authentication process for additional security needs. Secret Server acts as a RADIUS client that can communicate with any server implementing the RADIUS protocol.

Configuring RADIUS

Set up RADIUS on the Login tab of the Configuration page. This requires enabling RADIUS Integration, specifying the server address, the ports, and the RADIUS shared secret. The shared secret is a specific term for RADIUS clients and is not a reference to secrets in Secret Server.

You can customize the RADIUS "Login Explanation" to give users detailed instructions for entering their RADIUS information.

Once enabled, the Test RADIUS Login button appears on the Login tab for testing the communication with the RADIUS Server. If you have a failover RADIUS Server, you can specify it by clicking the Enable RADIUS Failover checkbox and entering the required information. If the primary RADIUS server cannot be accessed, the failover server is be used.

Enabling RADIUS for a User

After enabling RADIUS on your Secret Server, you must enable RADIUS two-factor authentication for each user on a per-user basis. On the User Edit page, type the RADIUS User Name for this user to match the RADIUS server. RADIUS can be enabled for new users by domain.