https://www.sonicwall.com/en-us/support/knowledge-base/170505594681886

Configuring One-Time Passwords
Last Updated: 8/16/2017
Description

One-Time Password (OTP) is a two-factor authentication scheme that uses system-generated, random passwords in addition to standard user name and password credentials. Once users submit the correct basic login credentials, the system generates a one-time password and sends it to the user at a pre-defined email address. The user must retrieve the one-time password from their email, then enter it at the login screen. Selecting the Require one-time passwords checkbox enables this functionality, requiring SSL VPN users to submit a system-generated password for two-factor authentication.

Each one-time password is single-use. Whenever a user successfully enters a valid user name and password, any existing one-time password for that account is deleted. Unused one-time passwords time out according to the time-out value set on the Users | Settings | User Session Settings interface. Administrators can enable one-time password on a Local User or Local Group basis.

This article describes how to configure one-time passwords.
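
The lifecycle described above (a code issued only after a correct password, any earlier code deleted, single use, timeout) can be modeled as follows. This is an added example, not SonicWall's code; the class name, the 8-character code length, and the 300-second timeout are assumptions.

```python
import hmac
import secrets
import string
import time

ALPHABET = string.ascii_uppercase + string.digits


class OtpStore:
    """Toy model of an e-mailed OTP second factor (hypothetical, not SonicWall code)."""

    def __init__(self, ttl_seconds=300, length=8, clock=time.monotonic):
        self.ttl = ttl_seconds      # assumed timeout; the appliance reads its own setting
        self.length = length        # assumed code length
        self.clock = clock          # injectable so expiry can be tested
        self._pending = {}          # username -> (code, issued_at)

    def issue(self, username):
        """Call only after the username/password check has succeeded.

        Overwriting the entry deletes any earlier, unused code, so only
        the most recent code for an account is ever valid.
        """
        code = "".join(secrets.choice(ALPHABET) for _ in range(self.length))
        self._pending[username] = (code, self.clock())
        return code                 # the caller e-mails this; never log it

    def verify(self, username, submitted):
        """Return True once per issued code, and only before it times out."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        code, issued_at = entry
        if self.clock() - issued_at > self.ttl:
            del self._pending[username]     # expired codes are purged
            return False
        # Constant-time comparison avoids leaking how much of a guess matched.
        if not hmac.compare_digest(code.encode(), submitted.encode()):
            return False
        del self._pending[username]         # single use: consume on success
        return True
```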

Resolution

Configuring OTP involves performing the following steps:

Configure Mail Server Settings

To use the one-time password, the appliance must have access to a correctly configured SMTP server.

1. Log in to the SonicWall management GUI.
2. Navigate to the Log | Automation page.
3. Enter the mail server information under Mail Server Settings.

Enable OTP for a Local User

1. Navigate to the Users | Local Users page.
2. Click Add User (or edit an existing user).
3. Enter a name and password for the user (for a new user).
4. Select the Require one-time passwords check box.
5. In the E-mail address field, enter the email address to which the one-time password must be sent.
6. Click OK to save.

Alternatively, enable OTP for a Local Group

Enabling one-time passwords for a group requires all members of the group to enter a one-time password when connecting. Therefore, each member of the group must be configured with an email address to which the one-time password is sent. LDAP users' email addresses are retrieved from the server when the original authentication is done. Authenticating remote users through RADIUS requires administrators to manually enter email addresses in the management interface, unless RADIUS user settings are configured to Use LDAP to retrieve user group information.

1. Navigate to the Users | Local Groups page.
2. Click Add Group (or edit an existing group).
3. Enter a name for the group.
4. Select the Require one-time passwords check box.


Testing

When a user enabled with one-time password tries to log in to SSL-VPN, a prompt for the one-time password appears after the user has been authenticated with the local username and password.

Simultaneously, a temporary password is sent to the email address configured under the user. Copy and paste the password into the prompt. On being authenticated, a message is displayed on the browser page.