Sophos Firewall: How to configure one-time password (OTP)

Overview

  • This article details how to configure the Sophos Firewall to add an extra layer of authentication by configuring OTP. OTP stands for one-time password, a password that is valid only for a single login session or transaction.

OTP Automatic configuration

OTP creation method:

  • Automatically – Enable ‘Auto-create OTP tokens for users’. The token is created upon the user's initial login.
  • Manually – Disable ‘Auto-create OTP tokens for users’ and see the section Deploying OTP tokens manually below.

Configuring OTP on Sophos Firewall with auto-creation

  • Go to Configure -> Authentication -> One-Time-Password and then click Setting.
  • Enable One-Time-Password and enable Auto create OTP tokens for users.

Configuring OTP authentication on a client with auto-creation

  • Download the Sophos Authentication Application onto your device from the app store for Android, iOS, or Windows.

  • After enabling OTP, log in to the User Portal.
  • At login a QR code is displayed on the screen; the user scans it with their smartphone or tablet using the Sophos Authentication App. The application then shows their one-time passcode.

  • Go to the User Portal again and log in by entering the password in this format: the user's password followed by the token generated in the app.
  • Example: with OTP enabled, the password field contains <password><one-time passcode>

Deploying OTP tokens manually

  • Go to Configure -> Authentication -> One-Time-Password and then click Setting.
  • Enable One-Time-Password but do not enable Auto create OTP tokens for users.
  • Add manual OTP tokens for users by going to Authentication -> One-Time-Password and clicking Add.

  • Add the Secret and Username (the secret is a hexadecimal string, digits 0-9 and a-f, at least 32 characters long).
  • After adding the user, click on the info icon.

  • Share the QR code with the user via email or any other communication method so they can scan it with the app.

  • Note: Enabling OTP for the user portal also enables it for the captive portal, and vice versa. This applies whether OTP is deployed manually or automatically.
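To make the two formats above concrete (the hexadecimal token secret of at least 32 characters, and the <password><one-time passcode> login string), here is an added Python example; it is not part of the article and not Sophos's own code. It assumes the token is a standard RFC 6238 TOTP (HMAC-SHA1, 30-second step, six digits), which the article does not state, and the function names and the ±1 step tolerance are my own choices.

```python
import hashlib
import hmac
import re
import struct

# Rule from the article: hex digits 0-9 and a-f, at least 32 characters.
HEX_SECRET_RE = re.compile(r"[0-9a-f]{32,}")


def validate_hex_secret(secret: str) -> bool:
    """True if the secret is well-formed hex of at least 32 characters."""
    return HEX_SECRET_RE.fullmatch(secret.lower()) is not None


def totp(secret_hex: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over an HMAC-SHA1 (assumed token parameters)."""
    key = bytes.fromhex(secret_hex)
    counter = unix_time // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def build_login_password(user_password: str, code: str) -> str:
    """Client side: the portal password field is <password><one-time passcode>."""
    return user_password + code


def split_login_password(combined: str, digits: int = 6):
    """Server side: the trailing `digits` characters are the passcode."""
    if len(combined) <= digits or not combined[-digits:].isdigit():
        return None
    return combined[:-digits], combined[-digits:]


def verify_login(combined: str, expected_password: str, secret_hex: str,
                 unix_time: int, window: int = 1) -> bool:
    """Check static password, then the passcode against +/- `window` steps."""
    parts = split_login_password(combined)
    if parts is None:
        return False
    password, code = parts
    if not hmac.compare_digest(password, expected_password):
        return False
    return any(hmac.compare_digest(totp(secret_hex, unix_time + d * 30), code)
               for d in range(-window, window + 1))
```

The test vectors below use the RFC 6238 reference secret (ASCII "12345678901234567890" as hex), a constructed sample, not a real token.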

Emergency Account Access

  • You can add up to 10 additional codes that the user can use if they lose access to their authentication tool and need to log in immediately.
  • The user would contact the administrator and ask for one of the additional codes.
  • You can add these codes by clicking on edit for an existing user. At the bottom of the advanced section, there is a field called additional codes. Click on the + button to automatically create ten codes of six digits each.
