Skip to content
Last update: 2022-06-30

Deploy OTP tokens manually

In some cases, you may need to provide an OTP token to an end-user manually, even when the service is set to create tokens automatically. These cases include, for example, when a user doesn’t have access to an authenticator application. To do this, you configure the OTP service and deploy a token manually. Then, the user obtains the token through the captive portal.

Objectives

When you complete this unit, you'll know how to do the following:

  • Turn on the OTP service and specify settings.
  • Add a token and provide it to the user through the user portal.

Specify OTP service settings

First, you turn on the OTP service. Then, to maximize the protection this type of authentication offers, you require all users to use it. You also specify the features for which two-factor authentication is required.

The following steps are executed on the firewall.

  1. Go to Authentication > One-time password and click Settings.

  2. Specify the settings.

    Option Value
    One-time password On
    OTP for all users On
    Auto-create OTP tokens for users On

  3. Enable OTP for WebAdmin and User portal.

  4. Click Apply.

Add a token

Add a token. Users get the token through the captive portal.

  1. Go to Authentication > One-time password and click Add.

  2. Specify the settings.

    Option Value
    Secret abcdefabcdefabcdefabcdefabcdefabcdef
    User jsmith

  3. Click Save. The QR code is available to users in the captive portal. Users can scan the code using an authenticator application and begin using passcodes to sign in.

  4. Locate the user and click Information Information button.

    User status and information

    The firewall displays the token as a QR code and text key. You can send the text key to the user.

    QR code and key

More resources

Back to top