How Does the One Time Password Feature Work?
The Secure Mobile Access administrator can enable the One Time Password feature on a per-user or per-domain basis, using one-time password methods such as Email, TOTP, SMS, and Backup Code. To enable the One Time Password feature on a per-user basis, the administrator must edit the user settings in the Secure Mobile Access management interface. The administrator must also enter an external email address for each user who is enabled for One Time Passwords. For users of Active Directory and LDAP, the administrator can enable the One Time Password feature on a per-domain basis.
Enabling the One Time Password feature on a per-domain basis overrides individual “enabled” or “disabled” One Time Password settings. It does not override manually entered email addresses, which take precedence over those auto-configured by a domain policy and over AD/LDAP settings.
To use the Secure Mobile Access One Time Password feature, the administrator must configure valid mail server settings in the Log > Settings page of the Secure Mobile Access management interface. The administrator can configure the One Time Password feature on a per-user or per-domain basis and can configure timeout policies for users.
If the email addresses to which you want to deliver your One Time Passwords are in an external domain (such as SMS addresses or external webmail addresses), you might need to configure your SMTP server to allow relaying from the SMA appliance to the external domain.
For users enabled for the One Time Password feature, either on a per-user or per-domain basis, the login process begins with entering standard username and password credentials in the Secure Mobile Access interface. After login, users receive a message that a temporary password has been sent to a predefined email account. The user must log in to the external email account and retrieve the one-time password, then type or paste it into the appropriate field in the Secure Mobile Access login interface. Any user request made before the correct one-time password is entered redirects the user to the login page.
The one-time password is automatically deleted after a successful login. The user can also delete it by clicking Cancel in the Secure Mobile Access interface, and it is automatically deleted when the user fails to log in within that user’s timeout policy period.
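The lifecycle described above (issue after the password step, redirect until verified, delete on success, Cancel or timeout), modeled as an added Python example. It is not SonicWall's code; the class name, the 8-digit code format and the /login path are assumptions made for illustration.

```python
import hmac
import secrets
import time


class OneTimePasswordSession:
    """Illustrative model of a pending one-time password (hypothetical names)."""

    def __init__(self, timeout_seconds, clock=time.monotonic):
        self._clock = clock              # injectable so expiry can be tested
        self._timeout = timeout_seconds  # stands in for the user's timeout policy
        self._code = None
        self._issued_at = None
        self.verified = False

    def issue(self):
        # Runs after username/password succeed; the code would then be emailed.
        self._code = f"{secrets.randbelow(10**8):08d}"  # assumed 8-digit format
        self._issued_at = self._clock()
        self.verified = False
        return self._code

    def cancel(self):
        # User clicked Cancel: the pending code is deleted.
        self._code = None

    def submit(self, candidate):
        if self._code is None:
            return False  # nothing pending (cancelled, expired or already used)
        if self._clock() - self._issued_at > self._timeout:
            self._code = None  # deleted once the timeout period has passed
            return False
        # Constant-time comparison avoids leaking how many characters matched.
        if hmac.compare_digest(candidate.encode(), self._code.encode()):
            self._code = None  # deleted after a successful login
            self.verified = True
            return True
        return False

    def route(self, requested_path):
        # Requests made before the correct code is entered go to the login page.
        return requested_path if self.verified else "/login"
```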