The PingID RADIUS PCV with EAP-MSCHAPv2 only works in no-challenge mode. In no-challenge mode, your users can enter a one-time passcode (OTP) together with their username when signing on.
The following authentication methods are supported for this mode.
- If a mobile App user wants to authenticate using swipe or … enter the OTP in the RADIUS client username field.
- When using a Desktop app or YubiKey, or if the user’s mobile App is offline, the user should add a comma after their username and then the OTP. For example, user John can enter the OTP 123456 as John,123456.
- If the user is registered with multiple devices supported by this mode, an OTP generated by any one of those devices will authenticate the user.
- This mode does not support on-the-fly registration.
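As an added illustration (not part of the PingID documentation or product code), the following Python helper splits a RADIUS User-Name value of the `username,OTP` form described above and rejects malformed input. The function and type names are hypothetical, and the OTP formats (six digits, as in the page's example, and the standard 44-character modhex YubiKey OTP) are assumptions.

```python
import re
from typing import NamedTuple, Optional

# Assumptions (not from the PingID documentation): app/desktop passcodes are
# 6 digits, as in the page's example 123456; YubiKey OTPs are the standard
# 44-character modhex string.
APP_OTP = re.compile(r"[0-9]{6}")
YUBIKEY_OTP = re.compile(r"[cbdefghijklnrtuv]{44}")


class Credential(NamedTuple):
    username: str
    otp: Optional[str]  # None when no OTP was appended
    kind: str           # "none", "passcode" or "yubikey"


def split_user_name(value: str) -> Credential:
    """Split a User-Name of the form 'username,OTP' (hypothetical helper)."""
    value = value.strip()
    if "," not in value:
        if not value:
            raise ValueError("empty User-Name")
        return Credential(value, None, "none")
    # Split on the last comma so a comma inside the username is preserved.
    username, otp = value.rsplit(",", 1)
    username, otp = username.strip(), otp.strip()
    if not username:
        raise ValueError("missing username before the comma")
    if APP_OTP.fullmatch(otp):
        return Credential(username, otp, "passcode")
    if YUBIKEY_OTP.fullmatch(otp.lower()):
        return Credential(username, otp.lower(), "yubikey")
    raise ValueError("text after the comma is not a recognised OTP")


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("John,123456", "John", "CORP\\john,123456", "John,12345"):
        try:
            print(sample, "->", split_user_name(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```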
To configure the NPS to enable users to enter an OTP together with their username:
- Sign on to the Windows server and open the Network Policy Server (NPS) configuration window.
- In the NPS tree, under Policies, click Connection Request Policies.
- In the Connection Request Policies list, double-click your policy to view the policy properties.
- Click the Settings tab, and in the Specify a Realm Name section, click
- In the Attribute field, select User-Name.
- Click Add.
- In the Attribute Manipulation Rule window, enter the following and then click OK:
  - Replace with:
To add the OTP (or YubiKey OTP), the user should add a comma after their username and then enter the OTP.
For example, user John can enter the OTP