Enable users to enter an OTP with their username in MS-CHAP v2 mode
PingOne RADIUS Gateway with MS-CHAP v2 only works in no-challenge mode.
About this task
Your users can enter a one-time passcode (OTP) with their username when signing on in no-challenge mode. To do this, a custom separator should be added to the Network Policy Server (NPS). The same custom separator must also be configured in the DaVinci flow. For more information, see the PingOne RADIUS gateway connector documentation.
For example, adding a comma separator enables the user to enter the OTP in the format <username>,OTP. For user John, OTP 123456 is entered as John,123456.
To configure the NPS to enable users to enter an OTP together with their username:
Steps
- Sign on to the Windows server and open the Network Policy Server (NPS) configuration window.
- In the NPS tree, under Policies, click Connection Request Policies.
- In the Connection Request Policies list, double-click your policy to view the policy properties.
- Click the Settings tab, and in the Specify a Realm Name section, click Attribute.
- In the Attribute list, select User-Name.
- Click Add.
- In the Attribute Manipulation Rule window, enter the following and then click OK:
  - Find: (.*)<custom separator>(.*)
  - Replace with: $1
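The effect of this rule on the User-Name value can be checked offline before it is entered in NPS. The following is an added example, not part of the PingOne documentation: it assumes the Find expression has the form (.*)<custom separator>(.*), that NPS treats the grouping, wildcard and escape constructs the way Python's re module does, and the function names and sample usernames are constructed for illustration.

```python
import re


def build_find_pattern(separator: str) -> str:
    """Build the Find expression, escaping the separator so that
    characters such as | or . are matched literally."""
    return "(.*)" + re.escape(separator) + "(.*)"


def apply_rule(user_name: str, separator: str) -> str:
    """Simulate Find / Replace with $1 (written \\1 in Python):
    keep only the text captured before the separator."""
    return re.sub(build_find_pattern(separator), r"\1", user_name, count=1)


def apply_unescaped_rule(user_name: str, separator: str) -> str:
    """Same rule with the separator pasted in verbatim, for comparison."""
    return re.sub("(.*)" + separator + "(.*)", r"\1", user_name, count=1)


if __name__ == "__main__":
    # Constructed sample inputs: (value typed by the user, separator).
    samples = [
        ("John,123456", ","),      # the example from the text
        ("John", ","),             # no OTP appended: value is left unchanged
        ("Doe,John,123456", ","),  # greedy match splits at the LAST separator
        ("John|123456", "|"),      # regex metacharacter used as separator
    ]
    for value, sep in samples:
        print(f"{value!r:22} sep={sep!r} -> {apply_rule(value, sep)!r}")

    # Without escaping, | becomes alternation and the OTP is not stripped.
    print(apply_unescaped_rule("John|123456", "|"))
    # Without escaping, . matches any character and only the last digit is lost.
    print(apply_unescaped_rule("John.123456", "."))
```

A separator that is also a regular-expression metacharacter has to be escaped with a backslash in the Find field, and the separator should not be a character that can occur in the OTP itself.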