Contents x
    Authenticators
    • 07 Jul 2023
    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Authenticators

    • Updated on 07 Jul 2023
    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Article Summary

    Authenticators are used to provide multi-factor authentication in the Liquit Workspace. Currently, only RADIUS is supported.

    Overview screen

    This screen provides a few basic options to configure the authenticator.

    Identifier - This is what will be presented to the user when the authenticator response is requested. You could for example write "Enter SMS code" for an SMS authenticator, prompting the user to enter the code sent to their mobile.
    Authentication type - Select here if the RADIUS server requires a challenge or OTP authentication.

    • The challenge type will start the authentication with the username and password and expects a challenge back from the RADIUS server for a token code.
    • OTP will directly provide the username and token code and expects an authentication result.

    Servers screen

    This screen lets you add the servers that provide the multi-factor authentication.

    General tab

    Address - The host name or the IP address of the RADIUS server.
    Port - The port number on which the RADIUS server can be accessed.
    Encryption - The encryption type the server uses. Currently only 'PAP' is supported.
    Shared secret - The character string configured on the client hardware and on the RADIUS server.

    Advanced tab

    Priority - The priority of the server; the lower the number the higher the priority.
    Timeout - The number of seconds a server will wait for a response from the RADIUS server.
    Retry - The number of attempts to connect the RADIUS server after a timeout occurs.

    Identity sources screen

    You can add one or more existing identity sources that will be used by this authenticator. Refer to the Identity Source documentation for more information.

    Identity source - The identity source for which the authenticator will provide multi-factor authentication
    Prefix - If the authenticator has a realm prefix string specified, it is appended to the beginning of the username when it is submitted to the RADIUS server.
    Suffix - If the authenticator has a realm suffix string specified, it is appended to the end of the username when it is submitted to the RADIUS server.

    Was this article helpful?
    What's Next