How can I configure Time-Based One Time Password (TOTP) in SMA 100 series?

09/28/2023 360 People found this article helpful 477,901 Views

Description

The Time-Based One Time Password is a multi-factor authentication scheme that enabled third party integration to generate secure time-based OTP via third party authentication Apps such as Google authenticator, Microsoft authenticator, Duo, Free-OTP, etc.

In this article, we will see how to configure TOTP in SMA 100 series in a domain level and how to use Google Authenticator App and Microsoft authenticator App to bind and get TOTP. TOTP is introduced in SMA 100 series starting from firmware 9.0.0.0-9sv.

Cause

TOTP is an alternative to traditional two-factor authentication methods. TOTP passwords keep on changing and are valid for only short window in time, because of which TOTP is considered more secure OTP solution.

Resolution

NOTE: In-order to use TOTP, please make sure the firmware on appliance is 9.0 or above.

TIP: For configuration on User Discretion level to have both Email OTP and TOTP Mobile App for user, Click here

Configuration on SMA appliance:

Navigate to Portals |Domains. Add / Edit an existing domain and enable One-Time Passwords. Select Use Mobile App.

NOTE: OTP cannot be enabled for default LocalDomain. Please create new domain to have OTP / TOTP enabled.
Click Accept.
Now, all users who are part of this domain will be enforced to enter TOTP.

How to use Google Authenticator App

First time, when user logs in they have to bind with Google Authenticator App. Post entering their username & password, they will be prompted with below screen.
Only for first time login, they have to click bind. Clicking on bind link will display below screen.
Open Google Authenticator App.
Begin Setup.
Scan barcode and scan the barcode shown on the Virtual Office portal. Once barcode is scanned, App binding is done and the App will now show the Code. The code will expire every 30 seconds and new code will be shown.
Enter the code in the Virtual office portal Code section and click Login. You will now be logged in to the portal.
Once logged in to portal, user have options to unbind the App and he can bind new one upon next login. They can also generate backup codes which can be used when they do not have access to their binded App to generate TOTP. Each backup code can be used only once and they do not expire. User must store them in a safe place.
Generate Backup codes will download a txt file containing 8 backup codes.

How to use Microsoft Authenticator App

The only difference between Google Authenticator App and Microsoft Authenticator App is their GUI. The functionality remains same on both. First time, when user logs in they have to bind with Microsoft Authenticator App. Post entering their username & password, they have to click bind for the first time.

Now, use Microsoft Authenticator App.
Tap on Add account.
Select Work or school account here. Allow Camera access for your App and scan the barcode from Virtual Office page. The account will be added and TOTP will be shown as below.
Enter the TOTP and you will be logged in to the portal.