The 4Passwords Authenticator

Installation, Configure & Use

The 4Password Authenticator can be installed on-premise or used online.
The app will connect to a Secret Server of choice from the browser where the app is loaded from.
No data will be send to any other servers then the configured Secret server.
Communication is exlusively from your browser to your Secret Server.
All locally stored data is encryted and cached in each browser and device.
Before usage the configured Secet Secret server, needs to be prepared and meet the requirements.

Online vs On-Premise

Both editions have the same requirements & preperation

Do you meet all the secret server requirements?


Use te Setup Guide to prepare your Secret Server


View the release notes, for changes and bugfixes.


Use the Online

The is the online edition of the 4Passwords Authenticator.
It is allways updated and ready to use.


Install the On-premise version

Download the latest version of the
The install file can be extrated and run on any webserver or locally


Quick Help for Using the App for the first time.

Configuration wizard

When the app is loaded for the first time, it will not detect any previous settings or the offline cached mode.

The setup wizard will guide you through the 4 main steps in configuring the app.

  1. Secret Server URL & Authentication Domain
    • Provide your full Secret Server URL.
      • make sure you use HTTPS:// and the optional subfolder
    • Provide your Domain Name.
      • this field, should contain either your domain name as you see in the dropdown box of your secret server,or the word local for local account login, or empty to use the default domain listed in SecretServer.
    • Press the Next step button to continue.
  2. User Credentials
    • Provide your username
    • Provide your password
    • Provide your Authenticator code
      • if left blank and an authenticator is required, this will count as a failed login.
      • make sure to wait on the OTP refresh so the code is correct. you can lock your Thycotic Secret Serveraccount if trying too many times, with a wrong OTP code or password.
      • when login fails too many times, there can be a clock sync problem on your workstation and on theserver. these both need to be in sync.
    • Press the login button
      • If successful, the wizard will continue to the next step.
  3. 4PA Settings

This step will search automatically for an existing user preferences secret and or any global Autodiscoverpreferences.

The screen may show additional screen before the final state it found. please wait until its finished.

Below you see the three possible screens the setup wizard can show.

No preferences found, manual configuration required.

If the app fails to find any preferences secrets then the app will ask you to supply a template ID.

    • If requested supply the Authenticator template ID.
    • Most likely your Thycotic Secret Server Admin did not prepare secret server with Autodiscover preferencesecrets, or you do not have permission on any of the preference secrets.
    • You can find the Authenticator Template ID manually by creating a new secret with the Authenticatortemplate. The numeric ID is in the URL of the template.

Autodiscover references found and loaded, almost done.

In this situation the Autodiscover secrets were found and loaded. you can continue with the next step to setupyour offline passphrase

    • Press the Next step button to continue.

User preferences found and loaded, no configuration remaining

In this situation the user preferences secrets were found and loaded. This has loaded your previous setfavorites, offline password and other application settings that may apply. you can continue to start using theapp

    • Press the "To authenticators" button to close the wizard.

Offline Mode

The offline mode step asks you for a passphrase. with this passphrase the app will encrypt all local storage as cache with 256 bit AES encryption. This will enable the offline mode and the option to store your settings, favorite and offline passphrase in secret server in a user preferences file.

In the offline mode the 4PA Authenticator app can be used without an active internet connection. This is optional and requires that you to create an offline passphrase. This passphrase is used to encrypt your data locally.

If disabled or not configured, your session is limited to 20 minutes and you will be logged out after expiration.

Please note, whilst in offline mode it is not possible to retrieve new data without going online first.

    • Provide an offline passphrase and press the "Enable offline mode". this completes the setup wizard.
    • Optionally continue as an online-only session.


When you click on an authenticator it will copy the response code in the clip-board.

You can set or unset an Authenticator as favorite by toggling the star icon.

  • make sure to set an offline passphrase and save the settings in the online mode. in this way your favorites can be loaded in multiple sessions.
  • you need to save the favorites and other settings manually by going to settings > Save setting to server.

Reload authenticators

This function will reload / refresh all Authenticator secrets you have permission to with the authenticators and its data from Secret Server.

You need to be in the online mode to use this feature.

Lock / Unlock mode

The lock icon will lock a session within the app or browser. you can unlock offline with your passphrase.

Switch to Offline or Online mode

You're in encrypted offline mode

When you are in Offline mode, you will see a green bar in the top of the screen, this means you API access token from secret server is expired.

  • click on the green bar or goto:
    • Settings > Encrypted offline mode.
    • Login again for Online mode

The Online mode

When in Online mode you can switch to offline mode

  • goto: Settings > Encrypted offline mode.
  • activate: Switch to offline mode
    • This will remove your Thycotic Secret Server API access token. you will need to login again if you want to refresh Authenticators, save or load settings


Save to Server

You can save your user setting (favorites, settings and offline passphrase to secret server if you are in the online mode.

Import from Server

You can load your user setting (favorites, settings and offline passphrase from secret server if you are in the online mode.

Edit settings on Server

This will open the Thycotic Secret Server secret view of your user preferences secret. if you are in the online mode.

Secret Server Hosting

Security Solutions as a service.
Maximize your password security,
Minimize your security risks.