Secure Mobile Access 12.4 Administration Guide

Using One-Time Passwords for Added Security

A one-time password (OTP) is a randomly generated password that is used only once. Using an OTP as the second factor for authentication provides additional security for users: after standard user name and password credentials are submitted, the system generates a one-time password, which is sent to the user at a predefined SMS or email address. The user then logs in to that email account to retrieve the OTP and enters it when prompted. The likelihood of the password being compromised is reduced because a new OTP is generated after each successful, canceled, or failed login, or when a login attempt has timed out.

SMA supports TOTP, SMS, and Email based one time passwords. For more details, refer respective section of this guide.

To configure authentication that includes an OTP, you must do the following:

  • Configure your mail server. If one-time passwords are going to be delivered to external domains (for example, an SMS address or external webmail address), you may have to configure the SMTP server to allow passwords to be sent from the appliance to the external domain.

  • Configure an OTP in the Advanced area of the authentication server configuration. Specify the directory attributes that store the email addresses to which OTPs are sent.

You can also use Time-Based One-Time passwords (TOTP) that use third-party client applications for authentication. See Using Time-Based One-Time Passwords for more information.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.