Configuring MFA with OTP

One Time Passcode can be used to verify identity by prompting to enter a code only known to the person possessing the registered Authenticator App.

In order to enable MFA using OTP App, you will need to create a new Radius Policy.

Step 1 - Create a new Radius Policy

  1. Navigate to Policy in the top panel

  2. In the left window, click on Radius Policy

  3. Click on Tasks and select Create

  4. Enter Name for Radius Policy

  5. Under the Conditions section, select the criteria to match on

  6. Click Add

  7. Scroll down to the Policy Section

  8. Set Access Policy to 'Continue' (this allows for the MFA challenge)

  9. Set 2-Step Authentication to 'OTP'

  10. Click Create

Note

Status can be left in 'Disabled' mode until you are ready to test.

Note

In order for MFA using OTP to function, ensure the OTP App is installed on your mobile device.

Step 2 - Test / Validate

  1. Connect using the Genian NAC 6.0 Connection manager

  2. Right-click on the tray icon

  3. Select Network Access and then site name to connect

  4. Sign in with user ID/password

  5. A 'OTP' window should display

  6. Click 'Confirm' to begin the process to issue a new security key

  7. On the next page, select the 'QR-Code' option and click 'Generate Security Key'

  8. On your mobile device, open the Authenticator App and click the + sign

  9. Scan the QR Code that was generated in the previous step

  10. On the next page, enter the 6-digit code displayed in the Authenticator App

  11. If code is correct, NAC 6.0 Connection Manager should update that you are now connected