RADIUS Two-Factor Authentication
RADIUS Two-Factor Authentication enables two-factor authentication on Password Manager. RADIUS Two-Factor Authentication uses one-time passwords to authenticate users on the Self-Service site and Helpdesk site.
To configure RADIUS Two-Factor Authentication in Password Manager, you have to configure the RADIUS server details in Password Manager.
To configure RADIUS Two-Factor Authentication
-
On the home page of the Administration site, click General Settings | RADIUS Two-Factor.
The RADIUS Two-Factor Authentication page is displayed.
-
Click Add RADIUS server to add a new RADIUS server for authentication.
RADIUS Two-Factor Authentication page is displayed.
|
NOTE: You can add only two servers, one is used as a primary server and the other as a secondary server. The server that is created first is considered as the primary server and used for RADIUS authentication. |
-
In the RADIUS Server (IP address or hostname) field, enter the RADIUS server IP address.
-
In the Port number field, enter the port number assigned during configuration of RADIUS.
-
In the RADIUS Shared Secret field, enter the password set during RADIUS configuration.
-
Specify the Active Directory attribute to authenticate the user from the drop-down menu.
-
From the Additional RADIUS Attribute section, select the required RADIUS attribute from the drop-down menu. Specify the value for the selected attribute and click +.
The RADIUS attributes and the corresponding values that you add is displayed.
|
NOTE: The RADIUS attributes supported are NAS-IP-Address, NAS-Port, NAS-Port-Type, and NAS-Identifier. |
- Click Save.
For more information, see Authenticate with RADIUS Two-Factor Authentication.
Working with RADIUS servers
You can create two RADIUS servers to authenticate users on the Self-Service site and Helpdesk site through RADIUS Two-Factor authentication.
To configure RADIUS Two-Factor Authentication in Password Manager, you have to configure the RADIUS server details in Password Manager. For more information on creating and configuring a RADIUS server, see RADIUS Two-Factor Authentication.
To swap RADIUS servers
-
On the home page of the Administration site, click General Settings | RADIUS Two-Factor.
The RADIUS Two-Factor Authentication page is displayed along with the primary and secondary servers.
-
Click Interchange RADIUS servers to swap the priority of the RADIUS servers between primary and secondary priority.
To modify RADIUS servers
-
On the home page of the Administration site, click General Settings | RADIUS Two-Factor.
The RADIUS Two-Factor Authentication page is displayed along with the primary and secondary servers.
-
Click the modify icon to modify the properties and attributes of RADIUS servers.
|
NOTE: The status of the RADIUS server is periodically scanned every 5 minutes. |
To disable RADIUS servers
-
On the home page of the Administration site, click General Settings | RADIUS Two-Factor.
The RADIUS Two-Factor Authentication page is displayed along with the primary and secondary servers.
-
Click Disable to disable a RADIUS server.
-
A message is displayed to confirm, click Disable.
The server is disabled.
|
NOTE:
-
On disabling a RADIUS server, the other RADIUS server by default becomes the primary server.
-
You can enable a server that was disabled earlier. |
To delete RADIUS servers
-
On the home page of the Administration site, click General Settings | RADIUS Two-Factor.
The RADIUS Two-Factor Authentication page is displayed along with the primary and secondary servers.
-
Click Delete permanently delete the RADIUS server.
-
A message is displayed to confirm, click Delete.
The server is Deleted.
During a workflow execution, the ping to the RADUIS server to check the status of the RADIUS server is temporarily interrupted. The status check continues after the authentication process in the workflow is completed successfully.
For more information, see Authenticate with RADIUS Two-Factor Authentication.
Internal Feedback
Administrators can define URLs and labels to form a link on PMAdmin, PMHelpdesk and PMSelfService sites, to allow users to give feedback on Password Manager.
To enable feedback on a site
-
Navigate to General Settings > Internal Feedback.
-
Enable feedback, and provide a non-empty label and a non-empty URL.
NOTE: If the provided label or URL is empty, the feedback link will not appear on the configured site.
In case of PMAdmin site feedbacks, the Feedback button will be displayed after a new session is opened, for example, by logging out and then logging in.
Password Manager components and third-party applications
The following sections describe Password Manager components and third-party applications.