The PingID RADIUS PCV with EAP-MSCHAPv2 only works in no-challenge mode. Your users can enter a one time passcode (OTP) with their username when signing on in no-challenge mode.
The following authentication methods are supported for this mode.
User experience:
- If a mobile App user wants to authenticate using swipe or RADomS client username field.enter the OTP in the RADIUS client username field.
- When using a Desktop app or YubiKey, or if the user’s mobile App is offline,
then the user should add a comma after their username and then the OTP.
For example, user John can enter the OTP 123456 as John,123456.
- If the user is registered with multiple devices supported by this mode, an OTP generated by any one of those devices will authenticate the user.
- This mode does not support on-the-fly registration.
To configure the NPS to enable users to enter an OTP together with their username:
-
In the NPS tree, under Policies
click Connection Request Policies.
-
Click the Settings tab, and in the Specify a
Realm Name section, click
Attribute.
-
In the Attribute Manipulation Rule window, enter the
following and then click OK:
- Find:
(.*),(.*) - Replace with:
$1
Note:To add the OTP (or Yubikey OTP) the user should add a comma after their username and then enter the OTP.
For example, user
Johncan enter the OTP123456asJohn,123456. - Find: