Authenticators

Authenticators provide 2-Factor authentication in Liquit. All authenticators that support RADIUS can be added.

You start off with an empty list. By clicking 'Add' you can setup an authenticator.

Add new authenticator


alt text
The initial pop-up asks you to select the type of authenticator. Currently, only RADIUS is supported

alt text

The details windows has a few options:

  • Name
    A name to identify the authenticator in your Liquit system.

  • Identifier
    This is what will be presented to the user when the authenticator response is requested. When a user logs in and the authentication response is requested, what you enter here will be the message to the user. You could for example enter "Enter SMS code" for an SMS authenticator, prompting the user to enter the code sent to their mobile.

  • Enabled
    This will enable the authenticator on creation.

After clicking 'Next' you'll be presented the summary screen, where you can opt to immediately edit the created authenticator.

alt text

Ticking the box will take you to the details panel of the newly created authenticator.

Edit existing authenticator


alt text

Add authenticator Servers


You will need to add a server to the authenticator to make it work. Add a server by clicking on the 'Add Server' button.

alt text
The initial 'Add Server' window will require you to enter the details of your authenticator server

General - Add authenticator Servers


  • Name
    A name to identify the server under this authenticator.

  • Address
    The address of the server. Either hostname or IP.

  • Port
    The port on which this server can be accessed.

  • Encryption
    The encryption type the server uses. Currently only 'PAP' is supported.

  • Shared secret
    The shared secret.

Advanced - Add authenticator Servers


On the advanced tab you can specify advanced properties specific to this server.

alt text

  • Timeout
    Set a timeout for connecting to this server.

  • Retry
    The number of times the connection will be retried after incurring the timeout..

Identity sources - Authenticator


Under the 'Identity sources' tab you can add one or more identity sources that will be used by this authenticator.

Attention

Identity sources need to be created before you can select them here. Refer to the Identity Source documentation for more information The default 'LOCAL' identity source can NOT be used for this.

alt text Click on 'Add Identity source' to specify an Identity Source to use

alt text
The pop-up of adding an Identity Source to an Authenticator

  • Identity source
    Select your configured Identity Source from the list to use.
  • Prefix
    A prefix to be used by the authenticator.
  • Suffix
    A suffix to be used by the authenticator.

Click on 'Confirm' to add it to the list.