This section provides an introduction to the One Time Password feature. This section contains the following topics:
The SRA One Time Password feature adds a second layer of login security to the standard username and password. A one-time password is a randomly generated, single-use password. The SRA One Time Password feature is a two-factor authentication scheme that utilizes one-time passwords in addition to standard user name and password credentials, providing additional security for Dell SonicWALL SRA users.
The SRA One Time Password feature requires users to first submit the correct SRA login credentials. After the user completes the standard login procedure, the SRA generates a one-time password, which is sent to the user at a pre-defined email address. The user must log in to that email account to retrieve the one-time password and type it into the SRA login screen when prompted, before the one-time password expires.
The SRA One Time Password feature provides more security than single, static passwords alone. Using a one-time password in addition to regular login credentials effectively adds a second layer of authentication. Users must be able to access the email address defined by the SRA administrator before completing the SRA One Time Password login process. Each one-time password is single-use and expires after a set time period, requiring that a new one-time password be generated after each successful login, cancelled or failed login attempt, or login attempt that has timed out, thus reducing the likelihood of a one-time password being compromised.
The SRA administrator can enable the One Time Password feature on a per-user or per-domain basis. To enable the One Time Password feature on a per-user basis, the administrator must edit the user settings in the SRA management interface. The administrator must also enter an external email address for each user who is enabled for One Time Passwords. For users of Active Directory and LDAP, the administrator can enable the One Time Password feature on a per-domain basis.
Enabling the One Time Password feature on a per-domain basis overrides individual “enabled” or “disabled” One Time Password settings. Enabling the One Time Password feature for domains does not override manually entered email addresses, which take precedence over those auto-configured by a domain policy and over AD/LDAP settings.
In order to use the SRA One Time Password feature, the administrator must configure valid mail server settings in the Log > Settings page of the SRA management interface. The administrator can configure the One Time Password feature on a per-user or per-domain basis, and can configure timeout policies for users.
If the email addresses to which you want to deliver your SRA One Time Passwords are in an external domain (such as SMS addresses or external webmail addresses), you will need to configure your SMTP server to allow relaying from the SRA appliance to the external domain.
For information about how to configure Microsoft Exchange to support SRA One Time Password, see the Dell SonicWALL SRA One Time Password Feature Module, available online at:
http://www.sonicwall.com/us/Support.html
For users enabled for the One Time Password feature either on a per-user or per-domain basis, the login process begins with entering standard user name and password credentials in the SRA interface. After login, users receive a message that a temporary password will be sent to a pre-defined email account. The user must log in to the external email account and retrieve the one-time password, then type or paste it into the appropriate field in the SRA login interface. Any user requests prior to entering the correct one-time password will redirect the user to the login page.
The one-time password is automatically deleted after a successful login. The user can also delete it by clicking the Cancel button in the SRA interface, and it is automatically deleted if the user fails to log in within that user’s timeout policy period.
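The lifecycle described above (single use, deletion on success, failure, Cancel, or timeout) can be modeled as follows. This is an added illustration, not SRA code; the class name, the 8-character hex format, and the 60-second timeout are assumptions made for the example.

```python
import hmac
import secrets
import time


class OneTimePasswordStore:
    """Illustrative model of the one-time password lifecycle; not SRA code."""

    def __init__(self, timeout_seconds=300, clock=time.monotonic):
        self.timeout_seconds = timeout_seconds  # stands in for the user's timeout policy
        self.clock = clock
        self._pending = {}  # username -> (otp, expiry time)

    def issue(self, username):
        """Called after the username/password step succeeds; replaces any older OTP."""
        otp = secrets.token_hex(4)  # 8 hex characters from the OS CSPRNG (assumed format)
        self._pending[username] = (otp, self.clock() + self.timeout_seconds)
        return otp  # in the real flow this is emailed to the pre-defined address

    def cancel(self, username):
        """User clicked Cancel: the pending OTP is deleted."""
        self._pending.pop(username, None)

    def verify(self, username, submitted):
        """Single use: the pending OTP is deleted on success, failure, or timeout."""
        entry = self._pending.pop(username, None)
        if entry is None:
            return False
        otp, expiry = entry
        if self.clock() >= expiry:
            return False
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(otp.encode(), submitted.encode())


def demo():
    now = [0.0]  # constructed fake clock so the timeout can be exercised offline
    store = OneTimePasswordStore(timeout_seconds=60, clock=lambda: now[0])
    otp = store.issue("alice")
    ok, replay = store.verify("alice", otp), store.verify("alice", otp)
    otp = store.issue("alice")
    wrong, retry = store.verify("alice", "guess"), store.verify("alice", otp)
    otp = store.issue("alice")
    now[0] += 61  # move past the timeout
    expired = store.verify("alice", otp)
    otp = store.issue("alice")
    store.cancel("alice")
    cancelled = store.verify("alice", otp)
    return {"ok": ok, "replay": replay, "wrong": wrong, "retry": retry,
            "expired": expired, "cancelled": cancelled}
```

Only the first verification succeeds; a replayed, guessed-after, expired, or cancelled password is rejected and a new one must be issued.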
SRA One Time Passwords can be configured to be sent via email directly to SMS-capable phones. Contact your cell phone service provider for further information about enabling SMS (Short Message Service).
Below is a list of SMS email formats for selected major carriers, where 4085551212 represents a 10-digit telephone number and area code.
To configure the SRA appliance to send one-time passwords to an SMS email address, follow the procedure described in Editing User Settings, and enter the user’s SMS address in the E-mail address field.
To verify that an individual user account has been enabled to use the One Time Password feature, log in to the SRA Virtual Office user interface using the credentials for that account.
If you are able to successfully log in to Virtual Office, you have correctly used the One Time Password feature.
If you cannot log in using One Time Password, verify the following: