PingID Administration Guide

Enable users to enter an OTP with their username

The PingID RADIUS PCV with EAP-MSCHAPv2 only works in no-challenge mode. Your users can enter a one-time passcode (OTP) with their username when signing on in no-challenge mode.

About this task

The following authentication methods are supported for this mode.

User experience:

  • If a mobile App user wants to authenticate using swipe or RADomS client username field.enter the OTP in the RADIUS client username field.

  • When using a Desktop app or YubiKey, or if the user’s mobile App is offline, then the user should add a comma after their username and then the OTP.

    For example, user John can enter the OTP 123456 as John,123456.

  • If the user is registered with multiple devices supported by this mode, an OTP generated by any one of those devices will authenticate the user.

  • This mode does not support on-the-fly registration.

To configure the NPS to enable users to enter an OTP together with their username:

Steps

  1. Sign on to the Windows server and open the Network Policy Server (NPS) configuration window.

  2. In the NPS tree, under Policies, click Connection Request Policies.

    Connection Request Policies window
  3. In the Connection Request Policies list, double-click your policy to view the policy properties.

  4. Click the Settings tab, and in the Specify a Realm Name section, click Attribute.

    Connections Properties showing the Settings tab
  5. In the Attribute field, select User-Name.

  6. Click Add.

  7. In the Attribute Manipulation Rule window, enter the following and then click OK:

    • Find: (.*),(.*)

    • Replace with: $1

      Attribute Manipulation Rule window showing the Find and Replace fields.

      To add the OTP (or YubiKey OTP), the user should add a comma after their username and then enter the OTP.

      For example, user John can enter the OTP 123456 as John,123456.
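The rewrite that this rule applies to User-Name can be checked against sample sign-on values before the policy is saved. The following is an added example, not part of the PingID guide: it emulates the rule in Python, assuming the Find pattern is the greedy `(.*),(.*)`, the replacement is `$1`, and NPS applies ordinary greedy regex matching. The sample inputs are constructed.

```python
import re

# Assumed rule values (NPS syntax): greedy Find pattern, "$1" as replacement.
FIND = r"(.*),(.*)"
REPLACE = "$1"


def apply_rule(user_name, find=FIND, replace=REPLACE):
    """Emulate the User-Name rewrite with Python's re module."""
    # NPS writes back-references as $1; re.sub expects \g<1>.
    py_replace = re.sub(r"\$(\d+)", r"\\g<\1>", replace)
    return re.sub(find, py_replace, user_name, count=1)


def classify(user_name):
    """Return (rewritten User-Name, note) for one sign-on attempt."""
    match = re.fullmatch(FIND, user_name)
    rewritten = apply_rule(user_name)
    if match is None:
        return rewritten, "no comma: rule does not fire"
    name, tail = match.groups()
    if not name:
        return rewritten, "empty username after rewrite"
    if "," in name:
        return rewritten, "several commas: only the last field is removed"
    if not tail:
        return rewritten, "trailing comma: no OTP supplied"
    return rewritten, "username plus OTP"


# Constructed sample inputs, not taken from a real deployment.
SAMPLES = ["John,123456", "John", "John,", ",123456", "John,Smith,123456"]

if __name__ == "__main__":
    for value in SAMPLES:
        rewritten, note = classify(value)
        print(f"{value!r:22} -> {rewritten!r:14} {note}")
```

Because the first group is greedy, a User-Name that contains more than one comma is cut at the last comma only, so account names that legitimately contain a comma are worth testing here first.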