Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Add a token

You can manually configure a token for software or hardware applications.

Manually add a token

  1. Go to Authentication > Multi-factor authentication.
  2. Under Issued tokens, click Add.
  3. For Secret, do as follows:

    • For hardware tokens, enter the key the device manufacturer provides.
    • For software tokens, enter a unique hexadecimal value. The authenticator app will use the secret to generate passcodes.

      Note

      Go to a third-party website and convert the hexadecimal secret to Base32, for example, Cryptii. Share the Base32 secret with the user.

      Users can enter the Base32 value in their authenticator app to add the account. See OTP token.

  4. Select a user.

  5. (Optional) Turn on Use custom timestep and enter the interval at which the app or hardware token generates passcodes.

    Configure this option to apply a timestep different from the Default token timestep value under MFA settings.

  6. Click Save.

Generate passcodes on the firewall

If a user loses access to their authenticator app or hardware token device, you can manually generate the passcodes and provide these to the user for one-time use.

  1. Go to Authentication > Multi-factor authentication.
  2. Under Issued tokens, click the edit button for the user you want.
  3. For Additional codes, click the add button .

    You can see the passcodes the firewall automatically generates.

    Add OTP tokens manually.

  4. Click Save.

You can send these passcodes to the user. After the user uses a passcode, the firewall automatically deletes it from the list.

More resources