Dell SMA 200 Administration Manual page 47

What is One Time Password?
The Secure Mobile Access One Time Password feature adds a second layer of login security to the standard
username and password. A one-time password is a randomly generated, single-use password. The Secure Mobile
Access One Time Password feature is a two-factor authentication scheme that utilizes one-time passwords in
addition to standard user name and password credentials, providing additional security for Secure Mobile Access
users.
The Secure Mobile Access One Time Password feature requires users to first submit the correct Secure Mobile
Access login credentials. After following the standard login procedure, Secure Mobile Access generates a one-
time password that is sent to the user at a pre-defined email address. The user must log in to that email
account to retrieve the one-time password and type it into the Secure Mobile Access login screen when
prompted, before the one-time password expires.
Benefits of One Time Passwords
The Secure Mobile Access One Time Password feature provides more security than single, static passwords
alone. Using a one-time password in addition to regular login credentials effectively adds a second layer of
authentication. Users must be able to access the email address defined by the Secure Mobile Access
administrator before completing the Secure Mobile Access One Time Password login process. Each one-time
password is single-use and expires after a set time period, requiring that a new one-time password be generated
after each successful login, cancelled or failed login attempt, or login attempt that has timed out, thus
reducing the likelihood of a one-time password being compromised.
How Does the One Time Password Feature Work?
The Secure Mobile Access administrator can enable the One Time Password feature on a per-user or per-domain
basis. To enable the One Time Password feature on a per-user basis, the administrator must edit the user
settings in the Secure Mobile Access management interface. The administrator must also enter an external
email address for each user who is enabled for One Time Passwords. For users of Active Directory and LDAP, the
administrator can enable the One Time Password feature on a per-domain basis.
Enabling the One Time Password feature on a per-domain basis overrides individual "enabled" or "disabled"
One Time Password settings. Enabling the One Time Password feature for domains does not override manually
entered email addresses, which take precedence over those auto-configured by a domain policy and over AD/LDAP
settings.
In order to use the Secure Mobile Access One Time Password feature, the administrator must configure valid
mail server settings in the Log > Settings page of the Secure Mobile Access management interface. The
administrator can configure the One Time Password feature on a per-user or per-domain basis, and can
configure timeout policies for users.
If the email addresses to which you want to deliver your One Time Passwords are in an external domain (such as
SMS addresses or external webmail addresses), you might need to configure your SMTP server to allow relaying
from the SMA/SRA appliance to the external domain.
For information about how to configure Microsoft Exchange to support Secure Mobile Access One Time Password,
see the Dell SonicWALL Secure Mobile Access One Time Password Feature Module, available online at:
http://www.sonicwall.com/us/Support.html
For users enabled for the One Time Password feature either on a per-user or per-domain basis, the login process
begins with entering standard user name and password credentials in the Secure Mobile Access interface. After
login, users receive a message that a temporary password has been sent to a pre-defined email account. The
user must log in to the external email account and retrieve the one-time password, then type or paste it into
the appropriate field in the Secure Mobile Access login interface. Any user request made before the correct
one-time password is entered redirects the user to the login page.
The one-time password is automatically deleted after a successful login. The user can also delete it by
clicking Cancel in the Secure Mobile Access interface, and it is automatically deleted when the user fails to log in
within that user's timeout policy period.
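The one-time password lifecycle described above (issued only after the user name and password check, single-use, expiring, and deleted on success, Cancel, failure, or timeout), modeled as an added Python example. This is not Dell SonicWALL code; the class name, character set, code length, and timeout value are assumptions.

```python
import hashlib
import hmac
import secrets
import time

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # assumed character set


class OtpChallenge:
    """Model of the lifecycle described above; not the appliance's code."""

    def __init__(self, timeout_s=600, length=8, clock=time.monotonic):
        self.timeout_s = timeout_s      # assumed per-user timeout policy
        self.length = length            # assumed code length
        self.clock = clock
        self._digest = None             # only a hash of the code is kept
        self._expires = 0.0

    def issue(self):
        """Call only after the user name and password were verified."""
        code = "".join(secrets.choice(ALPHABET) for _ in range(self.length))
        self._digest = hashlib.sha256(code.encode()).digest()
        self._expires = self.clock() + self.timeout_s
        return code                     # handed to the mail sender, never logged

    def cancel(self):
        """User clicked Cancel: the code is deleted."""
        self._digest = None

    def verify(self, submitted):
        """Return 'ok', 'expired', 'failed' or 'no-code'. Every outcome
        deletes the stored code, so each code gets exactly one attempt."""
        digest, self._digest = self._digest, None
        if digest is None:
            return "no-code"
        if self.clock() >= self._expires:
            return "expired"
        candidate = hashlib.sha256(submitted.strip().encode()).digest()
        return "ok" if hmac.compare_digest(candidate, digest) else "failed"
```

Because a failed or expired attempt deletes the code, a new one has to be issued and mailed before the next try, which is what limits guessing against a single code.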
Dell SonicWALL Secure Mobile Access 8.5 Administration Guide, page 47

This manual is also suitable for: SMA 400, SRA 1600, SRA 4600, SMA 500v
