Thycotic Secret Server is a privilege access management software solution that manages passwords and secrets for administrators and other users.  While there's some overlap with WiKID's two-factor authentication for administrators capabilities, Thycotic is focused on access management, compliance and integration with applications. 

If you're going to put all your eggs in one basket, you had better protect that basket, though.  Luckily it is simple to add two-factor authentcation to Thycotic's Secret Server - Professional Edition using RADIUS.

On the Thycotic Secret Server, click on the Admin link and then the Login tab.  At the bottom of the page, click Edit. 

Enter a helpful login explanation and the IP address of your WiKID Server.  Enter the Shared Secret that you will also enter on the WiKID server.  Click Save.

Go back to the Admin link and click on Users in the dropdown.  You have to manually edit every user that you want to use two-factor authentication.  Click on a user and then Edit. 

Click save and do the same for any other users.

On the WiKID server, you just need to add the Thycotic Secret Server as a Network Client (and register the user's tokens).

Give the Network Client a name and enter the IP Address of the Thycotic Secret Server.  Select radius and choose a WiKID domain for this setup. 

Enter the same shared secret as you did on the Thycotic Server and click Add NC.  You will need to run 'wikidctl restart' because  RADIUS caches a lot of information.

That's it.  The WiKID one-time passcode will now be required to login. Note that Thycotic is setup to treat RADIUS authentication like 'two-step authentication'.  This means that on the first screen, you login with your Thycotic username and password:

After that, you will be prompted for the one-time passcode:

Enter your WiKID one-time passcode here. 

Thycotic has a free thirty day evaluation just like WiKID.  So you can test both before purchase.