.. _googleotp:

Configuring MFA with OTP
===============================

One Time Passcode can be used to verify identity by prompting to enter
a code only known to the person possessing the registered Authenticator App.

In order to enable MFA using OTP App, you will need to create a new Radius Policy.

Step 1 - Create a new Radius Policy
-----------------------------------

#. Navigate to Policy in the top panel
#. In the left window, click on Radius Policy
#. Click on Tasks and select Create
#. Enter Name for Radius Policy
#. Under the Conditions section, select the criteria to match on
#. Click Add 
#. Scroll down to the Policy Section
#. Set Access Policy to 'Continue' (this allows for the MFA challenge)
#. Set 2-Step Authentication to 'OTP'
#. Click Create

.. note:: Status can be left in 'Disabled' mode until you are ready to test.

.. note:: In order for MFA using OTP to function, ensure the OTP App is installed on your mobile device.

Step 2 - Test / Validate
------------------------

1. Connect using the Genian |product_name| Connection manager
2. Right-click on the tray icon
3. Select Network Access and then site name to connect
4. Sign in with user ID/password 
5. A 'OTP' window should display
6. Click 'Confirm' to begin the process to issue a new security key
7. On the next page, select the 'QR-Code' option and click 'Generate Security Key'
8. On your mobile device, open the Authenticator App and click the + sign
9. Scan the QR Code that was generated in the previous step
10. On the next page, enter the 6-digit code displayed in the Authenticator App
11. If code is correct, |product_name| Connection Manager should update that you are now connected