PingOne

Enable users to enter an OTP with their username in MS-CHAP v2 mode

PingOne RADIUS Gateway with MS-CHAP v2 only works in no-challenge mode.

About this task

Your users can enter a one-time passcode (OTP) with their username when signing on in no-challenge mode. To do this, add a custom separator to the Network Policy Server (NPS). The same custom separator must also be configured in the DaVinci flow. For more information, see the PingOne RADIUS gateway connector documentation.

For example, adding a comma separator enables the user to enter the OTP in the format <username>,<OTP>. For user John, OTP 123456 is entered as John,123456.

To configure the NPS to enable users to enter an OTP together with their username:

Steps

  1. Sign on to the Windows server and open the Network Policy Server (NPS) configuration window.

  2. In the NPS tree, under Policies, click Connection Request Policies.

    Connection Request Policies window
  3. In the Connection Request Policies list, double-click your policy to view the policy properties.

  4. Click the Settings tab, and in the Specify a Realm Name section, click Attribute.

    Connections Properties showing the Settings tab
  5. In the Attribute list, select User-Name.

  6. Click Add.

    Attribute Manipulation Rule window showing the Find and Replace fields.
  7. In the Attribute Manipulation Rule window, enter the following and then click OK:

    • Find: (.*)<custom separator>(.*)

    • Replace with: $1

    Connections Properties showing the Settings tab and the custom separator rule
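
The following is an added example, not Ping Identity code: it models the step 7 rule, written as (.*)<custom separator>(.*) with replacement $1, so that a candidate separator can be checked against existing usernames before the rule is deployed. It assumes NPS pattern matching behaves like standard greedy regular expressions as implemented by Python's `re`; the usernames are constructed, and `split_otp` is a hypothetical stand-in for the separator handling in the flow.

```python
import re

def nps_rule(separator, escape=True):
    """Build the Find pattern from step 7 for a given separator."""
    # A separator that is a regex metacharacter (".", "+", "|") must be escaped,
    # otherwise it is interpreted as an operator instead of a literal.
    sep = re.escape(separator) if escape else separator
    return re.compile(f"(.*){sep}(.*)")

def apply_rule(user_name, separator, escape=True):
    """Emulate Find / Replace with $1 on the User-Name attribute."""
    # "$1" in the NPS rule corresponds to r"\1" in Python.
    return nps_rule(separator, escape).sub(r"\1", user_name, count=1)

def split_otp(user_name, separator):
    """Hypothetical helper: split at the LAST separator, which is where the
    greedy first group (.*) ends, so both sides agree on the username."""
    name, found, otp = user_name.rpartition(separator)
    return (name, otp) if found else (user_name, None)

def risky_usernames(separator, usernames):
    """Usernames that already contain the separator and would be truncated
    by the rule even when the user appends no OTP."""
    return [u for u in usernames if apply_rule(u, separator) != u]

if __name__ == "__main__":
    # Constructed sample directory entries.
    directory = ["John", "john.smith", "CORP\\jane", "Doe,Jane"]
    for sep in [",", ".", "#"]:
        print(repr(sep), "collides with:", risky_usernames(sep, directory))
    print(apply_rule("John,123456", ","))          # OTP stripped
    print(split_otp("John,123456", ","))           # username and OTP
    print(apply_rule("John", ".", escape=False))   # unescaped "." eats a character
```

A separator that produces an empty collision list for the real user population is the safe choice; any listed account would be rewritten to a different username on every sign-on.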