Help Center/ Cloud Bastion Host/ User Guide/ Dashboard of the CBH System/ Profile/ Managing Mobile OTP Application for Login Authentication
Updated on 2024-09-30 GMT+08:00

Managing Mobile OTP Application for Login Authentication

A mobile OTP application is a software token application used to generate a dynamic password on a bound mobile phone. You can configure mobile one-time password (OTP) verification to implement MFA for your bastion host. After mobile OTP verification is configured, in addition to the username and password, a 6-digit mobile OTP verification code is required for each login. For details, see Configuring Mobile OTP Login Authentication.

Currently, built-in mobile OTPs and Remote Authentication Dial In User Service (RADIUS) mobile OTPs are supported.

  • Built-in mobile OTP application: WeChat applet mobile OTP.
  • RADIUS mobile OTP applications: Google Authenticator and FreeOTP
  • Ensure that your bastion host and mobile phone have the same system time, accurate to seconds. Otherwise, the mobile OTP application may fail to be bound to the user account.
  • If the mobile OTP fails to be bound, change the system time to be the same as the mobile phone time. After this, refresh the page to generate a new quick response (QR) code for binding.

This topic describes how to bind and unbind a mobile OTP application.

Binding a Mobile OTP application to a User

  1. Log in to your bastion host.
  2. On the Dashboard page, click the user name in the upper right corner and choose Profile.

    Figure 1 Profile

  3. Click the Mobile OTP tab.
  4. In the displayed Mobile OTP dialog box, bind a mobile OTP application as prompted.

    1. WeChat applet access token

      Start WeChat on the mobile phone, obtain the dynamic password for binding according to the operation guide, and enter the 6-digit dynamic password. After the verification, the mobile OTP application is bound.

    2. App-based mobile OTP

      Start the installed mobile OTP application, scan the QR code in step 2 to obtain a dynamic password, and enter the 6-digit dynamic password. After the verification, the mobile OTP application is bound to you.

  5. Refresh the page.

Unbinding a Mobile OTP Application

Click Unbind on the Mobile OTP tab to unbind the mobile OTP application.

After the unbinding, refresh the page.

Figure 2 Unbinding a mobile OTP application