Log in Sign Up
Protectimus logo
Menu
Guides
Hide Show

Configuring Two-Factor Authentication for Wallix PAM

Easily enable two-factor authentication (2FA) in Wallix PAM with Protectimus using the RADIUS protocol.

To make this work, you’ll need to configure authentication policies in Wallix to send authentication requests through RADIUS to the Protectimus RADIUS Server. After receiving the request, the Protectimus RADIUS Server forwards it to the Protectimus authentication platform to verify the user’s one-time password (OTP), then returns the result to Wallix over the same RADIUS connection.

Take a look at the Wallix PAM 2FA setup scheme to see exactly how this RADIUS-based two-factor authentication process works in action.

Wallix PAM 2FA (two-factor authentication) setup scheme
To enable Wallix PAM two-factor authentication (2FA):

  1. Install and configure Protectimus RADIUS Server.
  2. Get registered with Protectimus SAAS 2FA Service or On-Premise 2FA Platform and configure basic settings.
  3. Configure Wallix authentication policies.

1. Get Registered and Configure Basic Protectimus Settings


  1. Register with the Protectimus Cloud Service and activate API or install the Protectimus On-Premise Platform (if you install Protectimus Platform on Windows, check the Radius box during the installation).
  2. Add Resource.
  3. Add Users.
  4. Add Tokens or activate Users’ Self Service Portal.
  5. Assign Tokens to Users.
  6. Assign Tokens with Users to the Resource.

2. Install and Configure Protectimus RADIUS Server


Detailed instructions for installing and configuring the Protectimus RADIUS Server for Wallix PAM 2-factor authentication using RADIUS are available in our Protectimus RADIUS Server Installation Guide for Wallix Bastion 2FA.

3. Add Protectimus as a RADIUS Server in Wallix Bastion


  1. Log in to the Wallix Bastion web interface, then navigate to Configuration –> External Authentications.
  2. Select + Add an Authentication to create a new authentication entry.

Add Protectimus as a RADIUS server in Wallix Bastion - step 1
  1. Select RADIUS from the Authentication Type dropdown menu.

Add Protectimus as a RADIUS server in Wallix Bastion - step 2
  1. Fill in the required fields for your RADIUS authentication

Authentication type RADIUS
Authentication name Come up with a name for your RADIUS server, e.g. Protectimus RADIUS Server.
Server Enter the hostname or IP of server where the Protectimus RADIUS Server component is installed.
Port Indicate 1812 (or whichever port you configured in the Protectimus radius.yml file when configuring Protectimus RADIUS Server).
Timeout (s) Set to 5 seconds.
Secret Indicate the shared secret you created in the Protectimus radius.yml file (radius.secret property) when configuring Protectimus RADIUS Server.
Description Enter a description of your choice (optional).

Add Protectimus as a RADIUS server in Wallix Bastion - step 3
  1. If you’re using a Protectimus platform cluster setup, it’s recommended to configure a second RADIUS server by completing the form again to ensure high availability.
  2. Go to Configuration –> LDAP/AD Domains, and add RADIUS Authentication as the Secondary authentication method.

Add Protectimus as a RADIUS server in Wallix Bastion - step 5

You’ve successfully integrated two-factor authentication (2FA/MFA) with Wallix PAM.

For assistance, please contact Protectimus Customer Support.

    Protectimus Ltd

    Carrick house, 49 Fitzwilliam Square,
    Dublin D02 N578, Ireland

    Ireland: +353 19 014 565
    USA: +1 786 796 66 64

    support@protectimus.com
    sales@protectimus.com

    Facebook Icon YouTube Icon LinkedIn Icon X Icon
    OATH CertifiedCitrix ReadyMicrosoft Partner
    © 2025 Protectimus Ltd
    © 2025 Protectimus Ltd
    This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.
    Table of Contents