Configuring One-Time password

Description

The SSL VPN administrator can enable the One Time Password feature on a per-user or per-domain basis.

Resolution

Mail Server settings in the Log | Settings page:

In order to use the SSL VPN One Time Password feature, the administrator must configure valid mail server settings in the Log | Settings page of the SSL VPN management interface. The administrator can configure the One Time Password feature on a per-user or per-domain basis, and can configure timeout policies for users.

If the email addresses to which you want to deliver your SSL VPN One Time Passwords are in an external domain (such as SMS addresses or external webmail addresses), you will need to configure your SMTP server to allow relaying from the SSL-VPN to the external domain.

ImageEnabling One Time Password feature on a per-user basis:

The administrator must edit the user settings in the SSL VPN management interface. The administrator must also enter an external email address for each user who is enabled for One Time Passwords.

ImageEnabling One Time Password feature on a per-domain basis:

For users of Active Directory and LDAP, the administrator can enable the One Time Password feature on a per-domain basis.

Note: Enabling the One Time Password feature on a per-domain basis overrides individual "enabled" or "disabled" One Time Password settings. Enabling the One Time Password feature for domains does not override manually entered email addresses, which take precedence over those auto-configured by a domain policy and over AD/LDAP settings.

 ImageHow to Test:

To use the One-Time Password feature, perform the following steps:

Step 1: If you are not logged into the SSL VPN Virtual Office user interface, open a Web browser and type the Virtual Office interface URL in the Location or Address bar and press Enter. Type in your standard User Name field and your password in the Password field, then select the appropriate domain from the Domain pull-down. Click Login.
 
Step 2 The prompt "A temporary password has been sent to user@email.com" will appear, displaying your pre-configured email account.
Step 3 Login to your email account to retrieve the one-time password.
Step 4 Type or paste the one-time password into the Password: field where prompted and click Login.
Step 5 You will be logged in to the Virtual Office.
 
Note One-time passwords are immediately deleted after a successful login, and cannot be used again. Unused one-time passwords will expire according to each user's timeout policy.
 
Configuring One-Time Passwords for SMS-Capable Phones
 
SonicWall SSL VPN One-Time Passwords can be configured to be sent via email directly to SMS-capable phones. Contact your cell phone service provider for further information about enabling SMS. Below is a list of SMS email formats for selected major carriers, where 4085551212 represents a 10-digit telephone number and area code.
 
Note These SMS email formats are for reference only. These email formats are subject to change and may vary. You may need additional service or information from your provider before using SMS. Contact the SMS provider directly to verify these formats and for further information on SMS services, options, and capabilities.
  Verizon: 4085551212@vtext.com
  Sprint: 4085551212@messaging.sprintpcs.com
  AT&T: 4085551212@mobile.att.net
  Cingular: 4085551212@mobile.mycingular.com
  T-Mobile: 4085551212@tmomail.net
  Nextel: 4085551212@messaging.nextel.com
  Virgin Mobile: 4085551212@vmobl.com
  Qwest: 4085551212@qwestmp.com
Verifying User One-Time Password Configuration

If you are successfully logged in to Virtual Office, you have correctly used the One-Time Password feature.

If you cannot login using the One-Time Password feature, verify the following:
 

  Are you able to login to the Virtual Office without being prompted to check your email for a one-time password? You have not been enabled to use the One-Time Password feature. Contact your SSL VPN administrator.

  Is your email address correct? If your email address has been entered incorrectly, contact your SSL VPN administrator to correct it.

  Is there no email with a one-time password? Wait a few minutes and refresh your email inbox. Check your spam filter. If there is no email after several minutes, try to login again to generate a new one-time password.

  Have you accurately typed the one-time password in the correct field? Re-type or copy and paste the one-time password.

 
Troubleshooting Common Errors
 
Symptom I see an error message indicating that an email configuration is invalid, and I have verified that the One-Time Password feature is configured correctly.
 
Possible Cause The SonicWall SSL VPN One-Time Password feature does not support email servers that require passwords or other authentication. Your email server must allow anonymous access to allow the One-Time Password feature to successfully send a one-time password.

 

Related Articles

  • How to download Client Installation package and the access agents from the appliance using WinSCP
    Read More
  • SMA 1000: How to update Advanced EPC Signatures to the Latest Version
    Read More
  • If OTP is enabled, NX disconnects after SMA100 Connect Agent installation
    Read More

Categories

Secure Mobile Access
SMA 100 Series
not finding your answers?
Ask the Community
was this article helpful?
YesNo