Mobile OTPs

A mobile OTP application is a software token application used to generate a dynamic password on a bound mobile phone. You can configure mobile one-time password (OTP) verification to implement MFA for your bastion host. After mobile OTP verification is configured, in addition to the username and password, a 6-digit mobile OTP verification code is required for each login. For details, see Configuring Mobile OTP Login Authentication.

Currently, built-in mobile OTPs and Remote Authentication Dial In User Service (RADIUS) mobile OTPs are supported.

Built-in mobile OTPs support Time-based One-Time Password (TOTP). You need to bind a mobile OTP to a user in the Profile module in your bastion host system. You can bind a mobile OTP through a WeChat applet or other similar programs, such as Google Authenticator and FreeOTP Authenticator, that support TOTP.
RADIUS mobile OTPs also support TOTP. You need to connect to the RADIUS server you have created and bind the mobile OTP on the RADIUS server. You can bind the mobile OTP through a WeChat applet or similar programs, such as Google Authenticator and FreeOTP Authenticator, that support TOTP.

Ensure that your bastion host and mobile phone have the same system time, accurate to seconds. Otherwise, the mobile OTP application may fail to be bound to the user account.
If the mobile OTP fails to be bound, change the system time to be the same as the mobile phone time. After this, refresh the page to generate a new quick response (QR) code for binding.

Binding a Mobile OTP application to a User

Log in to your bastion host.
On the Dashboard page, click the username in the upper right corner and choose Profile.

Figure 1 Profile
Click the Mobile OTP tab.
In the displayed Mobile OTP dialog box, bind a mobile OTP application as prompted.

Before binding, make sure the time of the bastion host is consistent with that of the mobile phone.
1. WeChat applet access token
  Start WeChat on the mobile phone, obtain the dynamic password for binding according to the operation guide, and enter the 6-digit dynamic password. After the verification, the mobile OTP application is bound.
2. App-based mobile OTP
  Start the installed mobile OTP application, scan the QR code in step 2 to obtain a dynamic password, and enter the 6-digit dynamic password. After the verification, the mobile OTP application is bound to you.
Refresh the page.

Unbinding a Mobile OTP Application

Click Unbind on the Mobile OTP tab to unbind the mobile OTP application.

After the unbinding, refresh the page.

Figure 2 Unbinding a mobile OTP application
Click to enlarge

Parent topic: Multifactor Verification Management

Previous topic: OTP Token Management

Next topic: SSH Pubkey

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot