Updated on 2024-09-24 GMT+08:00

Configuring Mobile OTP Login Authentication

A mobile OTP is a mobile application that can generate a dynamic password for identity verification. In mobile OTP verification method, both your static login password and a 6-digit one-time password are required for login.

If you want to enable MFA for the admin account, you need to configure the mobile phone token first, or the admin account cannot log in to the system in MFA mode.

Currently, built-in mobile OTPs and Remote Authentication Dial In User Service (RADIUS) mobile OTPs are supported.

  • Built-in mobile OTP: WeChat applet OTP
  • RADIUS mobile OTP applications: Microsoft Authenticator, Google Authenticator, and FreeOTP

Constraints

Ensure that your bastion host and mobile phone have the same system time, accurate to the seconds. Otherwise, the system may prompt that the mobile OTP fails to be bound.

Synchronize the bastion host system time to the mobile phone time. Refresh the page, scan the new QR code, and try again.

Step 1: Bind a Mobile OTP as a Common User

  1. Log in to your bastion host using your static password.
  2. On the Dashboard page, click the user name in the upper right corner and choose Profile.
  3. On the displayed Profile page, click the Mobile OTP tab.

    On the displayed page, follow the instructions to bind a mobile OTP.

    If you do not have the WeChat app, use the Google verification code program to scan the second QR code.

  4. (Optional) To unbind the mobile OTP, click Unbind on the Mobile OTP tab.

Step 2: Enable Mobile OTP Authentication for a User as the Administrator

  1. Log in to your bastion host as the administrator.
  2. Choose User > User to go to the User management page.
  3. Select a user having mobile OTP bound and click its LoginName.
  4. In the User Setting area, click Edit.

    Figure 1 Editing user setting

  5. In the displayed Edit user settings dialog box, select Mobile OTP for Multifactor Verification.
  6. Click OK.

    The next time the user logs in to the system, they will have to provide a mobile OTP.