Add OTP Token

This page enables you to add and edit one-time password tokens.

  1. Go to Device Configuration > Configure > Authentication > One-time Password and click the Add button.
  2. Specify the following details while adding an OTP token:
    Secret
    This is the shared secret of the user's hardware token or soft token. A hardware token has an unchangeable secret, given by the hardware producer. The soft token is created randomly by Firewall, when Auto-create OTP tokens for users is enabled in OTP Settings. The secret should have a hexadecimal format and consist of at least 32 characters.
    User (optional)
    Select the user to whom the token should be assigned.
    Note Clientless Users cannot be assigned.
    Description (optional)
    Add a description upto 255 characters. This text will be displayed for the administrator with the QR code. If you define different tokens for one person, e.g., a hardware token and a soft token for the mobile phone, it is useful to enter some explanation here as the user will be displayed all QR codes side by side.
    Use custom token timestep
    If you need another timestep for a token than the default token timestep defined in the OTP Settings section, enable this toggle switch and enter the value. The timestep defined here has to correspond with the timestep of the user's password generation device, otherwise authentication fails.
    Timestep
    Enter the value for the timestep.
    Acceptable range: 10 - 300 seconds.
    Additional Codes (Available only when editing OTP token)
    You can add one-time passwords manually for a token. Click the Plus icon to generate the one-time passwords (maximum 10). These one-time passwords are not time-limited. A one-time password will be deleted automatically when the user has logged in with it.
    Figure: Add OTP Token
  3. Click Save.
The OTP token for the specific user will be created and will appear in the one-time password list on the One-time Password page. Default Status of the token will be enabled.