Updated on 2025-02-17 GMT+08:00

Mobile OTPs

A mobile OTP application is a software token application used to generate a dynamic password on a bound mobile phone. You can configure mobile one-time password (OTP) verification to implement MFA for your bastion host. After mobile OTP verification is configured, in addition to the username and password, a 6-digit mobile OTP verification code is required for each login. For details, see Configuring Mobile OTP Login Authentication.

Currently, built-in mobile OTPs and Remote Authentication Dial In User Service (RADIUS) mobile OTPs are supported.

  • Built-in mobile OTP application: WeChat applet mobile OTP.
  • RADIUS mobile OTP applications: Google Authenticator and FreeOTP
  • Ensure that your bastion host and mobile phone have the same system time, accurate to seconds. Otherwise, the mobile OTP application may fail to be bound to the user account.
  • If the mobile OTP fails to be bound, change the system time to be the same as the mobile phone time. After this, refresh the page to generate a new quick response (QR) code for binding.

Binding a Mobile OTP application to a User

  1. Log in to your bastion host.
  2. On the Dashboard page, click the username in the upper right corner and choose Profile.

    Figure 1 Profile

  3. Click the Mobile OTP tab.
  4. In the displayed Mobile OTP dialog box, bind a mobile OTP application as prompted.

    Before binding, make sure the time of the bastion host is consistent with that of the mobile phone.

    1. WeChat applet access token

      Start WeChat on the mobile phone, obtain the dynamic password for binding according to the operation guide, and enter the 6-digit dynamic password. After the verification, the mobile OTP application is bound.

    2. App-based mobile OTP

      Start the installed mobile OTP application, scan the QR code in step 2 to obtain a dynamic password, and enter the 6-digit dynamic password. After the verification, the mobile OTP application is bound to you.

  5. Refresh the page.

Unbinding a Mobile OTP Application

Click Unbind on the Mobile OTP tab to unbind the mobile OTP application.

After the unbinding, refresh the page.

Figure 2 Unbinding a mobile OTP application