Thycotic has partnered with Duo Security to add two-factor authentication via Duo Push, phone call, or passcode to Secret Server.
Duo Security’s authentication platform secures access to the Thycotic Secret Server web console.
This application communicates with Duo's service on SSL TCP port 443.
Firewall configurations that restrict outbound access to Duo's service with rules using destination IP addresses or IP address ranges aren't recommended, since these may change over time to maintain our service's high availability. If your organization requires IP-based rules, please review Duo Knowledge Base article 1337.
Effective June 30, 2023, Duo will no longer accept TLS 1.0 or 1.1 connections or support insecure TLS/SSL cipher suites. See Duo Knowledge Base article 7546 for additional guidance.
The security of your Duo application is tied to the security of your secret key (skey). Secure it as you would any sensitive credential. Don't share it with unauthorized individuals or email it to anyone under any circumstances!
Refer to the article Duo Security Authentication in the Secret Server Admin Guide on the Thycotic site. Follow the directions to configure Duo 2FA for Secret Server logins.
Users of IBM Security Secret Server should refer to the "Duo Security Authentication" instructions in the Secret Server User Guide.
Log in to Secret Server as a user configured for Duo. You should see additional logon options as described in the Secret Server Admin Guide.
Need some help? Try searching our Knowledge Base articles or Community discussions. For questions about the Duo integration, try contacting Thycotic Support. For further assistance with Duo, contact Duo Support.