Two-factor OATH authentication with Google Authenticator¶
Google Authenticator allows for adding a dynamic component to a static password for increased account security.
Protocols Supporting OATH Authentication Method¶
When logging in, OATH authentication can be performed either in Challenge-Response mode or by concatenating the dynamic code generated by Google Authenticator to the end of the static password defined in the authentication method, such as password481418.
Please note that not all protocols support this authentication method.
¶ Platform or Protocol Challenge-Response Mode Password + Dynamic Code Logging into Access Gateway available available Logging into Admin Panel available available VNC available available SSH available available RDP available available Telnet 3270 not available available Telnet 5250 not available available Telnet not available available MS SQL(TDS) not available not available HTTP/S not available not available TCP not available not available MySQL not available not available X11 not available not available Modbus not available not available
Configuring the OATH Authentication Method¶
In order to configure default settings for the OATH authentication method, follow the instruction:
- Select > .
- Find and click the user for whom you want to add the OATH authentication method.
- Click .
- From the Type drop-down list, select
OATH
. - Choose the first factor:
Password
, orExternal authentication
.
If Password
is chosen:
- Enter password’s static part.
- From the Token type drop-down list, select
HOTP (counter-based)
. - Enter a secret that will be used by Google Authenticator. Note, that the secret must be a
Base32
encoded value. Alternatively, click . to generate it automatically. Click to show the QR code. - In the Length field, enter
6
.
If External authentication
is chosen:
- Select External authentication source.
- From the Token type drop-down list, select
HOTP (counter-based)
. - Enter a secret that will be used by Google Authenticator. Note, that the secret must be a
Base32
encoded value. Alternatively, click . to generate it automatically. Click to show the QR code. - In the Length field, enter
6
.
- Click .
- Launch Google Authenticator and add new service.
Manual entry | QR Code |
---|---|
Note Click . on the user edit form in the Authentication section to reveal the secret.
|
|
- When logging in, the password string consists of a static password defined in the authentication method and dynamic part generated by the Google Authenticator, e.g.
password481418
.
Related topics: