Overview
- This article details how to configure the Sophos Firewall to add an extra layer of authentication by configuring OTP. OTP stands for one-time password, a password valid only for a single login session or transaction.
OTP Automatic configuration
OTP creation method:
- Automatically – Enable ‘Auto-create OTP tokens for users’. The token is created upon initial login.
- Manually – Disable the box for ‘Auto-create OTP tokens for users’ and see the section Deploying OTP tokens manually below.
Configuring OTP on Sophos Firewall with auto-creation.
- Go to Configure -> Authentication -> One-Time-Password and then click Setting.
- Enable One-Time-Password and enable Auto create OTP tokens for users.
Configuring OTP authentication on a client with auto-creation.
- Download the Sophos Authentication Application on your device from the app store on Android, iOS, or Windows.
- After enabling OTP, log in to the User Portal.
- At login, a QR code is displayed on the screen. The user scans it with their smartphone or tablet using the Sophos Authentication App. The application then shows their one-time passcode.
- Go to the User Portal again and log in by entering the password in this format: password of the user + token generated in the app
- Example: With OTP it will be:
<password><onetime pass-code>
Deploying OTP tokens manually
- Go to Configure -> Authentication -> One-Time-Password and then click Setting.
- Enable One-Time-Password and do not enable Auto create OTP tokens for users.
- Add manual OTP tokens for users by going to Authentication -> One-Time-Password and clicking Add.
- Add the Secret and Username (the secret is hexadecimal, using the characters 0-9 and a-f, and must be at least 32 characters long).
- After adding the user, click on the info icon.
- Scan the barcode and share it with the user via email or any other communication method.
- Note: Enabling OTP for the User Portal also enables it for the captive portal, and vice versa. This applies whether OTP is deployed manually or automatically.
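The secret format from the manual deployment steps can be generated and checked before it is entered in the Add form. The Python below is an added example, not Sophos code: it creates and validates a hex secret and derives the code an authenticator app would show for it, assuming the tokens follow RFC 6238 TOTP with HMAC-SHA1, a 30-second time step and 6 digits. All function names are hypothetical.

```python
import hashlib
import hmac
import re
import secrets
import struct

# Format the article gives for manual token secrets:
# hex characters 0-9 and a-f, at least 32 characters long.
SECRET_RE = re.compile(r"[0-9a-f]{32,}")


def new_secret(num_bytes=20):
    """Generate a random hex secret from the OS CSPRNG (20 bytes = 40 hex chars)."""
    if num_bytes < 16:
        raise ValueError("need at least 16 bytes to reach 32 hex characters")
    return secrets.token_hex(num_bytes)


def is_valid_secret(secret):
    """Check a secret against the format described in the article."""
    return SECRET_RE.fullmatch(secret) is not None


def totp(secret_hex, unix_time, step=30, digits=6):
    """RFC 6238 TOTP over HMAC-SHA1; step and digits are assumed defaults."""
    if not is_valid_secret(secret_hex):
        raise ValueError("secret must be 32 or more hex characters (0-9, a-f)")
    # bytes.fromhex raises ValueError if the secret has an odd number of characters.
    key = bytes.fromhex(secret_hex)
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def login_string(password, code):
    """Portal login format from the article: <password><one-time passcode>."""
    return password + code


if __name__ == "__main__":
    import time
    secret = new_secret()  # constructed sample value, regenerated on every run
    print("secret for the Add token form:", secret)
    print("code the app should currently show:", totp(secret, time.time()))
```

If the code printed here differs from the one the app shows for the same secret, check the clock on both devices before assuming the secret was mistyped.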
Emergency Account Access
- You can add up to 10 additional codes the user can use if they lose access to their authentication tool and need to log in immediately.
- The user would contact the administrator and ask for one of the additional codes.
- You can add these codes by clicking on edit for an existing user. At the bottom of the advanced section, there is a field called additional codes. Click on the + button and automatically create ten codes with six digits each.