Managing Mobile OTP Application for Login Authentication

A mobile OTP application is a software token application used to generate a dynamic password on a bound mobile phone. You can configure mobile one-time password (OTP) verification to implement MFA for your bastion host. After mobile OTP verification is configured, in addition to the username and password, a 6-digit mobile OTP verification code is required for each login. For details, see Configuring Mobile OTP Login Authentication.

Currently, built-in mobile OTPs and Remote Authentication Dial In User Service (RADIUS) mobile OTPs are supported.

Built-in mobile OTP application: WeChat applet mobile OTP.
RADIUS mobile OTP applications: Google Authenticator and FreeOTP

Ensure that your bastion host and mobile phone have the same system time, accurate to seconds. Otherwise, the mobile OTP application may fail to be bound to the user account.
If the mobile OTP fails to be bound, change the system time to be the same as the mobile phone time. After this, refresh the page to generate a new quick response (QR) code for binding.

This topic describes how to bind and unbind a mobile OTP application.

Binding a Mobile OTP application to a User

Log in to your bastion host.
On the Dashboard page, click the user name in the upper right corner and choose Profile.

Figure 1 Profile
Click the Mobile OTP tab.
In the displayed Mobile OTP dialog box, bind a mobile OTP application as prompted.
1. WeChat applet access token
  Start WeChat on the mobile phone, obtain the dynamic password for binding according to the operation guide, and enter the 6-digit dynamic password. After the verification, the mobile OTP application is bound.
2. App-based mobile OTP
  Start the installed mobile OTP application, scan the QR code in step 2 to obtain a dynamic password, and enter the 6-digit dynamic password. After the verification, the mobile OTP application is bound to you.
Refresh the page.

Unbinding a Mobile OTP Application

Click Unbind on the Mobile OTP tab to unbind the mobile OTP application.

After the unbinding, refresh the page.

Figure 2 Unbinding a mobile OTP application

Parent topic: Profile

Previous topic: Editing Basic Information in Profile

Next topic: Managing SSH Public Keys

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel