Enabling the Use of One-Time Passwords


The use of one-time passwords can only be enabled while editing a Client or editing a Client group, and is only available for Clients installed on computers running the Windows operating system.


To enable the use of one-time passwords for a Client (or for all the Clients in a Client group), do the following:

1. Log in to the Management Tool as a user with the Client Configuration Management permission.

2. Click the Client Management navigation link on the left.

3. On the Client Management page, find the Client which you want to enable the use of one-time passwords for, and click on its name in the Client Name column (or select the Client Groups tab and find the required Client group, and then click on its name in the Client Group Name column).

NOTE: To find specific Clients, the search box and filters at the top of the Client Management page can be used (or to find specific Client groups, the search box at the top of the Client Groups page can be used).

4. On the Editing Client (or Editing Client Group) page that opens, select the Authentication Options tab, scroll down to the Two-Factor and Secondary Authentication section, and select the Allow the use of one-time passwords checkbox, and then do the following:

• In the Users Who Can Approve Access drop-down list, select the users who can approve the one-time password request. The specified users will be able to process the request in one of the following ways: using the link in an email (if an email address is defined for the specified users) or on the Access Requests tab (on the Access Management page) page in the Management Tool. By default, if a request is not processed within 30 minutes after it has been submitted, it will automatically expire. You can change these settings on the System Settings tab on the Configuration page.

- Select the Automatically send one-time passwords to Active Directory users checkbox if you want a one-time password to be generated and sent automatically to the email address defined in the user’s Active Directory account.

- Select the Automatically send one-time passwords to internal users checkbox if you want a one-time password to be generated and sent automatically to Ekran System internal users. Make sure the Ekran System user is granted the user permission to log in.

NOTE: For internal users to receive automatically generated one-time passwords correctly, make sure that a valid email address is defined on the User Details tab on the Editing User / Editing User group page.

     

5. Click the Finish button in the bottom left of the page.