Updated on 2023-08-17 GMT+08:00

Configuring Mobile OTP Login Authentication

A mobile OTP is a mobile application that can generate a dynamic password for identity verification. In mobile OTP verification method, both your static login password and a 6-digit one-time password are required for login.

If you want to enable MFA for the admin account, you need to configure the mobile phone token first, or the admin account cannot log in to the system in MFA mode.

Currently, CBH supports built-in mobile OTP and Remote Authentication Dial In User Service (RADIUS) mobile OTP.

  • Built-in mobile OTP: WeChat applet OTP
  • RADIUS mobile OTP applications: Google Authenticator and FreeOTP

Constraints

Ensure that your CBH system and mobile phone have the same system time, accurate to the seconds. Otherwise, the system may prompt that the mobile OTP fails to be bound.

Synchronize the CBH system time to the mobile phone time. Refresh the page, scan the new QR code, and try again.

Step 1: Bind a Mobile OTP as a Common User

  1. Log in to the CBH system using your static password.
  2. On the Dashboard page, click the user name in the upper right corner and choose Profile.
  3. On the displayed Profile page, click the Mobile OTP tab.

    On the displayed page, follow the instructions to bind a mobile OTP.
    Figure 1 Mobile OTP configuration

    If you do not have the WeChat app, use the Google verification code program to scan the second QR code.

  4. (Optional) To unbind the mobile OTP, click Unbind on the Mobile OTP tab.

Step 2: Enable Mobile OTP Authentication for a User as the Administrator

  1. Log in to a CBH system as the administrator.
  2. Choose User > User to go to the User management page.
  3. Select a user having mobile OTP bound and click its LoginName.
  4. In the User Setting area, click Edit.

    Figure 2 Editing user setting

  5. In the displayed Edit user settings dialog box, select Mobile OTP for Multifactor Verification.
  6. Click OK.

    The next time the user logs in to the CBH system, they will have to provide a mobile OTP.