Configure SecureAuth using RADIUS | PS Pathfinder

What is SecureAuth?

SecureAuth is an identity and access management solution that provides secure authentication and single sign-on (SSO) capabilities.

How is it useful?

Using SecureAuth with RADIUS combines centralized authentication with strong two-factor security. When BeyondInsight or Password Safe users log in, SecureAuth communicates via the RADIUS protocol to verify both their primary credentials and a second factor, such as a one-time password or mobile verification. This ensures that only authorized users can access critical systems, reduces the risk of credential compromise, and allows organizations to manage authentication policies centrally while maintaining strong security standards.

Use the following procedures to configure SecureAuth two-factor authentication with Password Safe and RADIUS.

1. Install the SecureAuth app on a mobile device and click the bar code to scan.
2. In the Password Safe platform, perform the following:
   • Configure RADIUS, ensuring UDP port 1812 is open for the SecureAuth instance.
   • Create a group with role access for managed accounts.
   • Create a user. The user must also be a user in the SecureAuth system.
   • Enable two-factor authentication for the user. Map the user to the account name in SecureAuth.

Test the configuration

1. Log in to the Password Safe web portal using the user account that you created.
2. Enter 1 to receive the passcode in a text message.
3. Retrieve the passcode from your mobile device.
4. Enter the passcode on the Password Safe web portal login page, and then click Login.
5. Test other login methods.

ℹ️

For the push method (4), increase the timeout to 30 seconds.