Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

OTP token

If your organization implements multi-factor authentication (MFA), you must use a one-time password (OTP) to sign in to some services.

Services and methods of generating OTPs

Your organization can implement MFA for the VPN and user portals.

Note

Turning on MFA for the user portal also applies it to the captive portal and client authentication agents.

Generate OTPs and sign in

To sign in to the services that require MFA, such as the VPN or user portal or remote access VPN, you must first scan the QR code using an authenticator application.

Do as follows:

  1. Install an authenticator app on your mobile device. You can install Intercept X for Mobile as follows:

    Alternatively, you can use a third-party app, such as Google Authenticator, that your administrator recommends.

  2. On Intercept X for Mobile, tap the left menu button Left menu button. and tap Authenticator, then follow the instructions. See Authenticator.

    Note

    You must use Time-based OTP (TOTP).

  3. In the browser window on your endpoint device, sign in to the VPN or user portals with your username and password.

    The VPN and user portals show the OTP token. You can see the QR code and the secret in HEX and Base32 formats.

    QR code and key.

  4. On Intercept X for Mobile, tap the plus button in the lower-right corner, tap Scan QR code and scan the code.

    The app starts generating time-based passcodes.

    Passcode on an authenticator app.

    Alternatively, you can tap Add manually and enter the secret in Base32 format. Enter only the letters and numbers.

  5. In your browser window, click Proceed to login.

    You'll see the link at the top or on the upper-left corner.

  6. Enter your credentials as follows:

    • Username: <username>
    • One-time password: <yourpassword><passcode>

    You can also enter these credentials to establish remote access VPN connections.

  7. Click Login.

Your administrator may provide a hardware token that generates time-based passcodes at regular intervals, or a passcode for one-time use.

  1. To sign in to the services that require MFA, such as the VPN or user portal, enter your credentials as follows:

    • Username: <username>
    • One-time password: <yourpassword><passcode>
  2. Click Login.