Phone Number +1-202-802-9399 (US)

Thycotic is now Delinea!

The Lockdown

Thycotic’s Cyber Security Blog

Integrated Windows Authentication and Two-Factor Authentication

Written by Thycotic Team

April 11th, 2013

This blog post was originally written in 2013.  For the most up to date information on Secret Server’s Two-Factor Authentication capabilities, please visit:

Secret Server Features Page: Our features are among the reasons so many IT Admins and IT Security pros consider Secret Server the best Privileged Access Management software in the market.  Find information on the key features available in each version of Secret Server.

Secret Server Documentation: Secret Server supports a second layer of authentication, called multi-factor authentication (MFA) or two-factor authentication (2FA), for added security. This section, within the documentation, discusses several options.

In Google Chrome and Internet Explorer with Integrated Windows Authentication, enabled users are automatically signed in to Secret Server when they visit the site using their Active Directory credentials. This feature reduces the number of passwords that a user has to type, and the possibility of a forgotten password. This also allows domain administrators to specify a password policy that Secret Server will adhere to, such as password strength and password history.

Radius Configuration

Two-Factor Authentication in Secret Server forces users to enter another form of authentication on login, such as a pin or token. Secret Server comes with its own built-in email two-factor authentication, and supports the existing infrastructure to make use of RADIUS two-factor systems. This adds another layer of security to user accounts, however, it increases the number of steps required to access Secret Server. Using two-factor authentication helps prevent a scenario where a user might walk away from a workstation while logged in and an attacker could walk up to it and login to Secret Server.