Authenticators

  • Published on Apr 16, 2025
  • 1 minute(s) read
Prev Next

Authenticators are used to provide multi-factor authentication in the Application Workspace. Currently, only RADIUS is supported.

Overview screen

This screen provides a few basic options to configure the authenticator.

Identifier - This is what will be presented to the user when the authenticator response is requested. You could for example write "Enter SMS code" for an SMS authenticator, prompting the user to enter the code sent to their mobile.
Authentication type - Select here if the RADIUS server requires a challenge or OTP authentication.

  • The challenge type will start the authentication with the username and password and expects a challenge back from the RADIUS server for a token code.
  • OTP will directly provide the username and token code and expects an authentication result.

Servers screen

This screen lets you add the servers that provide the multi-factor authentication.

General tab

Address - The host name or the IP address of the RADIUS server.
Port - The port number on which the RADIUS server can be accessed.
Encryption - The encryption type the server uses. Currently only 'PAP' is supported.
Shared secret - The character string configured on the client hardware and on the RADIUS server.

Advanced tab

Priority - The priority of the server; the lower the number the higher the priority.
Timeout - The number of seconds a server will wait for a response from the RADIUS server.
Retry - The number of attempts to connect the RADIUS server after a timeout occurs.

Identity sources screen

You can add one or more existing identity sources that will be used by this authenticator. Refer to the Identity Source documentation for more information.

Identity source - The identity source for which the authenticator will provide multi-factor authentication
Prefix - If the authenticator has a realm prefix string specified, it is appended to the beginning of the username when it is submitted to the RADIUS server.
Suffix - If the authenticator has a realm suffix string specified, it is appended to the end of the username when it is submitted to the RADIUS server.