Requesting a One-Time Password and Logging In
The process of logging in to the Client computer with the Allow the use of one-time passwords option enabled is as follows:
1. The user logs in to Windows in the usual way (either locally or remotely).
2. The Client displays a pop-up window requesting the user to enter a one-time password.
3. The user clicks the Request One-Time Password button, and requests a one-time password on the second pop-up window that opens, depending on what options are enabled, either:
• If neither the Automatically send one-time passwords to Active Directory users checkbox nor the Automatically send one-time passwords to internal users checkbox is enabled, the following pop-up window is displayed, where the user needs to enter their Email address, and then click the Request button:
• If the Automatically send one-time passwords to Active Directory users checkbox is enabled, the following pop-up window is displayed, where the user just needs to click the Request button.
NOTE: Alternatively, the user can select the "I need emergency access to computer" option, and then enter their Email address (see above).
• If the Automatically send one-time passwords to internal users checkbox is enabled, the following pop-up window is displayed, where the user needs to enter their internal Management Tool user Login name and Password, and then click the Request button.
NOTE: Alternatively, the user can select the "I need emergency access to computer" option, and then enter their Email address (see above).
4. The user sees the message that the one-time password has been sent to them, and receives the password by email.
5. The user enters the one-time password received by email into the Password field in the first pop-up window (where the Email address is now displayed automatically).
6. These credentials are then sent to the Application Server, and the Application Server returns the response on whether access to this computer is permitted. If the email address and the one-time password are correct and the one-time password was generated for this Client computer and for this user, then the user is allowed to access the Client computer. Otherwise, the user will receive a message saying that they are denied access.
7. As soon as the user has logged in to the system, the Client will start recording their activity and the user’s email address will be displayed in the Management Tool in the list of Client Sessions in the User Name column in brackets, i.e: <logged in user> (<user’s email address>).
NOTE: The one-time password received can only be used once, and must be used within the time period that is specified in the Access Request Expiration Time section (on the Configuration page, on the System Settings tab), where the default value is 30 minutes. If the user does not use the one-time password within the specified time period, it will expire automatically. The one-time password can also only be used to log into the Client computer which it was requested from.
NOTE: If an email with the password generated is required to be resent for any reason, the user can request it again. However, a new one-time password for logging in to the same Client computer cannot be requested more often than once per hour.