TOTP Configuration User Discretion in SMA 100 Series
03/26/2020
The SMA 100 series can deliver both a traditional OTP via e-mail and a TOTP via a mobile app. This article shows how to configure TOTP at the User Discretion level so that both E-mail OTP and Mobile App TOTP are available.
Click here to see the configuration of TOTP (to use Mobile App) in Domain level
If a mobile device is not available, a user can opt to receive a traditional OTP by e-mail instead. This gives users a safe alternative for logging in when they do not have access to their mobile device.
Configuration on SMA appliance:
1. Navigate to Portals - Domains. Add a new domain or edit an existing one, and enable One-Time Passwords. Select 'User Discretion'. Select both E-mail and Mobile App. Click Accept.
NOTE: OTP cannot be enabled for the default LocalDomain. Create a new domain to have OTP enabled.
2. Navigate to Users - Local Users. Edit the user and go to the Login Policies tab. Set One-Time Password to Enable.
Select the Use E-mail and Use Mobile App checkboxes. The user's e-mail address should be configured here. SMTP Settings should be configured for e-mail delivery to work. Click here to see Configuration of traditional OTP SMTP Settings
The admin can either bind the user's Mobile App from here by clicking Bind, or the user can bind it directly during first login.
Prefer: select either Mobile App or E-mail. If Mobile App is selected, users are prompted to enter the TOTP code and are shown a link to switch to E-mail OTP.
How to test:
When users log in for the first time after the above configuration, they see the option to enter a Code (TOTP). The user can bind the app by clicking the bind link and then entering the Code.
If the user does not have their mobile phone, they can click the Enter OTP code in Email link to receive an OTP by e-mail.