Configuring One-Time password
03/26/2020 
102 
17071
DESCRIPTION:
The SSL VPN administrator can enable the One Time Password feature on a per-user or per-domain basis.
RESOLUTION:
Mail Server settings in the Log | Settings page:
In order to use the SSL VPN One Time Password feature, the administrator must configure valid mail server settings in the Log | Settings page of the SSL VPN management interface. The administrator can configure the One Time Password feature on a per-user or per-domain basis, and can configure timeout policies for users.
If the email addresses to which you want to deliver your SSL VPN One Time Passwords are in an external domain (such as SMS addresses or external webmail addresses), you will need to configure your SMTP server to allow relaying from the SSL-VPN to the external domain.
Enabling One Time Password feature on a per-user basis:
The administrator must edit the user settings in the SSL VPN management interface. The administrator must also enter an external email address for each user who is enabled for One Time Passwords.
Enabling One Time Password feature on a per-domain basis:
For users of Active Directory and LDAP, the administrator can enable the One Time Password feature on a per-domain basis.
Note: Enabling the One Time Password feature on a per-domain basis overrides individual "enabled" or "disabled" One Time Password settings. Enabling the One Time Password feature for domains does not override manually entered email addresses, which take precedence over those auto-configured by a domain policy and over AD/LDAP settings.
How to Test:
To use the One-Time Password feature, perform the following steps:
Step 1: If you are not logged into the SSL VPN Virtual Office user interface, open a Web browser and type the Virtual Office interface URL in the Location or Address bar and press Enter. Type in your standard User Name field and your password in the Password field, then select the appropriate domain from the Domain pull-down. Click Login.
Step 2 The prompt "A temporary password has been sent to user@email.com" will appear, displaying your pre-configured email account.
Step 3 Login to your email account to retrieve the one-time password.
Step 4 Type or paste the one-time password into the Password: field where prompted and click Login.
Step 5 You will be logged in to the Virtual Office.
Note One-time passwords are immediately deleted after a successful login, and cannot be used again. Unused one-time passwords will expire according to each user's timeout policy.
Configuring One-Time Passwords for SMS-Capable Phones
SonicWall SSL VPN One-Time Passwords can be configured to be sent via email directly to SMS-capable phones. Contact your cell phone service provider for further information about enabling SMS. Below is a list of SMS email formats for selected major carriers, where 4085551212 represents a 10-digit telephone number and area code.
Note These SMS email formats are for reference only. These email formats are subject to change and may vary. You may need additional service or information from your provider before using SMS. Contact the SMS provider directly to verify these formats and for further information on SMS services, options, and capabilities.
Verizon: 4085551212@vtext.com
Sprint: 4085551212@messaging.sprintpcs.com
AT&T: 4085551212@mobile.att.net
Cingular: 4085551212@mobile.mycingular.com
T-Mobile: 4085551212@tmomail.net
Nextel: 4085551212@messaging.nextel.com
Virgin Mobile: 4085551212@vmobl.com
Qwest: 4085551212@qwestmp.com
Verifying User One-Time Password Configuration
If you are successfully logged in to Virtual Office, you have correctly used the One-Time Password feature.
If you cannot login using the One-Time Password feature, verify the following:
Are you able to login to the Virtual Office without being prompted to check your email for a one-time password? You have not been enabled to use the One-Time Password feature. Contact your SSL VPN administrator.
Is your email address correct? If your email address has been entered incorrectly, contact your SSL VPN administrator to correct it.
Is there no email with a one-time password? Wait a few minutes and refresh your email inbox. Check your spam filter. If there is no email after several minutes, try to login again to generate a new one-time password.
Have you accurately typed the one-time password in the correct field? Re-type or copy and paste the one-time password.
Troubleshooting Common Errors
Symptom I see an error message indicating that an email configuration is invalid, and I have verified that the One-Time Password feature is configured correctly.
Possible Cause The SonicWall SSL VPN One-Time Password feature does not support email servers that require passwords or other authentication. Your email server must allow anonymous access to allow the One-Time Password feature to successfully send a one-time password.
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Capture Security applianceAdvanced Threat Protection for modern threat landscape
Network Security ManagerModern Security Management for today’s security landscape
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
