• Create a secret from any web enabled Template from Secret Server(see picture 2).
• Give the Secret the name:4pa_autodiscover_domain_preferences
• where the domain word needs to be changed to is the actual domain name that a user will use in the domain field from login. If there are multiple variants to fill in the domain name then create several records with these names.
• This can also be the Thycotic alternate name or the word "local" for local account preferences. optionally it can also be left blank and made a global preference with "4pa_autodiscover_preferences".

examples:

4pa_Autodiscover_mydomain_preferences

4pa_Autodiscover_mydomain.corp_preferences

4pa_Autodiscover_local_preferences

4pa_Autodiscover_preferences

• Add in the notes field a json object with the correct Authenticator Template ID for your domain.
• example: copy and paste the line below, and change the #### in the numeric Authenticator template Id{"templateId":"####"}
• Note: the template ID will be different on each secret server.
• To quickly retrieve your authenticator template id:
• Switch to the old UI and view the ID in the URL header when you create a secret from Secret Server with the Authenticator template(picture 3).
• Edit the authenticator template in the admin section and retrieve the id in the new UI
• Use the browser inspect tool and open the network tab, then click on a new secret and select the authenticator template. this will request a json object with a template pocket which has the value. this is your id.
• The other fields like a password, the URL or the username are ignored, but can be required fields in secret server.
• Add as user-id: 4pa_preferences
• Add as URL: the URL of your secret server
• generate a random password.
• Save the secret and share it with the correct scope and permissions so all targeted users can find this secret.

When the app is loaded for the first time, it will not detect any previous settings or the offline cached mode.

The setup wizard will guide you through the 4 main steps in configuring the app.

1. Secret Server URL & Authentication Domain(see image 4)
   • Provide your full Secret Server URL.
     • make sure you use HTTPS:// and the optional subfolder
   • Provide your Domain Name.
     • this field, should contain either your domain name as you see in the dropdown box of your secret server,or the word local for local account login, or empty to use the default domain listed in SecretServer.
   • Press the Next step button to continue.
2. User Credentials
   • Provide your username
   • Provide your password
   • Provide your Authenticator code
     • if left blank and an authenticator is required, this will count as a failed login.
     • make sure to wait on the OTP refresh so the code is correct. you can lock your Thycotic Secret Serveraccount if trying too many times, with a wrong OTP code or password.
     • when login fails too many times, there can be a clock sync problem on your workstation and on theserver. these both need to be in sync.
   • Press the login button
     • If successful, the wizard will continue to the next step.
3. 4PA Settings

This step will search automatically for an existing user preferences secret and or any global Autodiscoverpreferences.

The screen may show additional screen before the final state it found. please wait until its finished.

Below you see the three possible screens the setup wizard can show.

No preferences found, manual configuration required.

If the app fails to find any preferences secrets then the app will ask you to supply a template ID.

• • If requested supply the Authenticator template ID.
  • Most likely your Thycotic Secret Server Admin did not prepare secret server with Autodiscover preferencesecrets, or you do not have permission on any of the preference secrets.
  • You can find the Authenticator Template ID manually by creating a new secret with the Authenticatortemplate. The numeric ID is in the URL of the template.

Autodiscover references found and loaded, almost done.

In this situation the Autodiscover secrets were found and loaded. you can continue with the next step to setupyour offline passphrase

• • Press the Next step button to continue.

User preferences found and loaded, no configuration remaining

In this situation the user preferences secrets were found and loaded. This has loaded your previous setfavorites, offline password and other application settings that may apply. you can continue to start using theapp

• • Press the "To authenticators" button to close the wizard.

Offline Mode

The offline mode step asks you for a passphrase. with this passphrase the app will encrypt all local storage as cache with 256 bit AES encryption. This will enable the offline mode and the option to store your settings, favorite and offline passphrase in secret server in a user preferences file.

In the offline mode the 4PA Authenticator app can be used without an active internet connection. This is optional and requires that you to create an offline passphrase. This passphrase is used to encrypt your data locally.

If disabled or not configured, your session is limited to 20 minutes and you will be logged out after expiration.

Please note, whilst in offline mode it is not possible to retrieve new data without going online first.

• • Provide an offline passphrase and press the "Enable offline mode". this completes the setup wizard.
  • Optionally continue as an online-only session.