OTP service settings
One-time password: Turn on the one-time password service.
OTP for all users: Require all users to use one-time passwords. If you want only specific users to use one-time passwords, turn this setting off and select users.
Auto-create OTP tokens for users: Automatically create OTP tokens for users. Tokens are deployed as a QR code in the user portal. Users scan the code using an authenticator application, which then generates passcodes. If you don't turn on this setting, you must provide OTP tokens manually.
Enable OTP for facilities: Firewall features that require multi-factor authentication.
User portal must be selected when auto-create is turned on.
When WebAdmin is selected, you must ensure that users have access to one-time password tokens. If they don't, you risk logging them out permanently.
Default token timestep in seconds: Interval, in seconds, with which passcode generation occurs on the one-time password service. This value must be the same as that specified by the authenticator application. The one-time password service and the authenticator application have a default value of 30 seconds.
Maximum passcode offset steps: Maximum number of timesteps by which the clock of a token can drift between client and server. For example, if you specify a value of 3 and the timestep is 30 seconds, the client can use any passcode from the previous 90 seconds or the subsequent 90 seconds as long as the code wasn’t already used.
Maximum initial passcode offset steps: Maximum number of timesteps by which the clock of a token can drift between client and server for the first sign-in only.