Enable users to enter an OTP with their username
The PingID RADIUS PCV with EAP-MSCHAPv2 only works in no-challenge mode. Your users can enter a one-time passcode (OTP) with their username when signing on in no-challenge mode.
About this task
The following authentication methods are supported for this mode.
User experience:
- If a mobile App user wants to authenticate using swipe or RADomS client username field.enter the OTP in the RADIUS client username field.
- When using a Desktop app or YubiKey, or if the user’s mobile App is offline, then the user should add a comma after their username and then the OTP. For example, user John can enter the OTP 123456 as John,123456.
- If the user is registered with multiple devices supported by this mode, an OTP generated by any one of those devices will authenticate the user.
- This mode does not support on-the-fly registration.
To configure the NPS to enable users to enter an OTP together with their username:
Steps
- Sign on to the Windows server and open the Network Policy Server (NPS) configuration window.
- In the NPS tree, under Policies, click Connection Request Policies.
- In the Connection Request Policies list, double-click your policy to view the policy properties.
- Click the Settings tab, and in the Specify a Realm Name section, click Attribute.
- In the Attribute field, select User-Name.
- Click Add.
- In the Attribute Manipulation Rule window, enter the following and then click OK:
  - Find: (.*),(.*)
  - Replace with: $1
To add the OTP (or YubiKey OTP), the user should add a comma after their username and then enter the OTP. For example, user John can enter the OTP 123456 as John,123456.
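The attribute manipulation rule (Find (.*),(.*) and Replace with $1) can be previewed against sample sign-on names before it is saved in the policy. The following PowerShell is an added example, not part of the original documentation; it assumes NPS evaluates this pattern the same way the .NET regex engine does, and the function name Test-UserNameRule and all sample values are constructed for illustration.

```powershell
# Added example: previews the User-Name Find/Replace rule from the steps above.
# Assumption: NPS evaluates this simple pattern with the same semantics as .NET regex.
$Find    = '(.*),(.*)'
$Replace = '$1'

# Hypothetical helper: shows what each entered name becomes after the rule runs.
function Test-UserNameRule {
    param([Parameter(Mandatory)][string[]]$UserName)
    foreach ($name in $UserName) {
        $m = [regex]::Match($name, $Find)
        [pscustomobject]@{
            Entered   = $name
            Matched   = $m.Success
            # Text left in User-Name after the rule is applied
            Rewritten = [regex]::Replace($name, $Find, $Replace)
            # Text after the comma that the rule removes (the OTP part)
            Removed   = if ($m.Success) { $m.Groups[2].Value } else { '' }
        }
    }
}

# Constructed sample sign-on names (not real accounts or passcodes).
$samples = @(
    'John,123456'               # username plus OTP, as in the page's example
    'John'                      # no comma: rule does not match, name is unchanged
    'CORP\John,123456'          # domain-qualified name
    'john@example.com,123456'   # UPN-style name
    'Doe,John,123456'           # comma inside the name: greedy (.*) splits at the LAST comma
    'John,'                     # trailing comma with no OTP: still rewritten to John
)

Test-UserNameRule -UserName $samples | Format-Table -AutoSize
```

Because the first group is greedy, only the text after the last comma is removed, so a sign-on name that itself contains a comma keeps it. A name without a comma passes through unchanged.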