The One-Time Password Parameter


One-time passwords allow you to improve the security of Windows Client computers. Users are prompted to enter a one-time password while logging into the Client computer.

NOTE: The option to use one-time passwords is only available if you have an activated serial key for the Enterprise Edition of Ekran System.


If the Allow the use of one-time passwords checkbox is selected (on the Editing Client / Editing Client Group page, on the Authentication Options tab, scroll down to the Two-factor and Secondary Authentication section) to enable this option, and users who can approve access are selected from the Users Who Can Approve Access combo box below it, the user will be able to request access to the Client computer from the specified users. Users added as approvers can confirm the one-time password request in one of the following ways: by email (if an email address is defined for the specified users) or on the Access Requests page in the Management Tool. By default, if a request is not processed within 30 minutes after it has been submitted, it will automatically expire. You can change these settings on the System Settings tab on the Configuration page.

If the Automatically send a one-time password to Active Directory users checkbox is selected (on the Editing Client / Editing Client Group page, on the Authentication Options tab, scroll down to the Two-factor and Secondary Authentication section) to enable this option, a one-time password will be generated on the user’s request, and without requiring approval, it will be automatically sent to the email address specified in the Active Directory user account.

If the Automatically send a one-time password to internal users checkbox is selected (on the Editing Client / Editing Client Group page, on the Authentication Options tab, scroll down to the Two-factor and Secondary Authentication section) to enable this option, a one-time password will be generated on the user’s request, and without requiring approval, it will be automatically sent to the email address of the Ekran System internal user.


Note: The use of one-time passwords for internal users cannot be enabled at the same time as secondary user authentication is enabled.