The CyberArk Vault supplies the following secondary authentication features:
Secondary authentication is configured in the authentication parameters for each authentication method.
In the System Configuration page, click Options, then expand Authentication Methods; a list of the supported configuration methods is displayed.
Select an authentication method to set secondary authentication.
Set any of the following parameters:
Parameter Description UseVaultAuthentication
Whether or not the user will be required to provide his Vault user’s password manually and his credentials will be passed to the Vault for authentication, without relying on a 3rd party authentication server. This can be used in conjunction with a 3rd party authentication to enforce two factor authentication (i.e. require an additional Vault authentication in addition to the primary IIS authentication).
This cannot be disabled for CyberArk authentication
UseRadius Whether or not RADIUS will be used to connect to the Vault. In order to enable this parameter as a secondary authentication method in addition to the IIS authentication method, the UseVaultAuthentication parameter must be enabled. UseLDAP Whether or not LDAP authentication will be used to authenticate users to the Vault. In order to enable this parameter as a secondary authentication method in addition to the IIS authentication method, the UseVaultAuthentication parameter must be enabled.
Click Apply to apply the configuration changes immediately,
Click OK to save the changes and display the System Configuration page.