Dell SonicWall SRA 4200 Administrator's Manual page 47

How Does the SRA One Time Password Feature Work?
The SRA administrator can enable the One Time Password feature on a per-user or per-domain
basis. To enable the One Time Password feature on a per-user basis, the administrator must
edit the user settings in the SRA management interface. The administrator must also enter an
external email address for each user who is enabled for One Time Passwords. For users of
Active Directory and LDAP, the administrator can enable the One Time Password feature on a
per-domain basis.
Enabling the One Time Password feature on a per-domain basis overrides individual "enabled"
or "disabled" One Time Password settings. Enabling the One Time Password feature for
domains does not override manually entered email addresses, which take precedence over
those auto-configured by a domain policy and over AD/LDAP settings.
In order to use the SRA One Time Password feature, the administrator must configure valid mail
server settings in the Log > Settings page of the SRA management interface. The
administrator can configure the One Time Password feature on a per-user or per-domain basis,
and can configure timeout policies for users.
If the email addresses to which you want to deliver your SRA One Time Passwords are in an
external domain (such as SMS addresses or external webmail addresses), you will need to
configure your SMTP server to allow relaying from the SRA appliance to the external domain.
For information about how to configure Microsoft Exchange to support SRA One Time
Password, see the Dell SonicWALL SRA One Time Password Feature Module, available online
at:
http://www.sonicwall.com/us/Support.html
For users enabled for the One Time Password feature either on a per-user or per-domain basis,
the login process begins with entering standard user name and password credentials in the
SRA interface. After login, users receive a message that a temporary password will be sent to
a pre-defined email account. The user must login to the external email account and retrieve the
one-time password, then type or paste it into the appropriate field in the SRA login interface.
Any user requests prior to entering the correct one-time password will re-direct the user to the
login page.
The one-time password is automatically deleted after a successful login and can also be
deleted by the user by clicking the Cancel button in the SRA interface, or will be automatically
deleted if the user fails to login within that user's timeout policy period.
Configuring One Time Passwords for SMS-Capable Phones
SRA One Time Passwords can be configured to be sent via email directly to SMS-capable
phones. Contact your cell phone service provider for further information about enabling SMS
(Short Message Service).
Below is a list of SMS email formats for selected major carriers, where 4085551212 represents
a 10-digit telephone number and area code.
•
•
•
•
•
•
•
•
Verizon: 4085551212@vtext.com
Sprint: 4085551212@messaging.sprintpcs.com
AT&T PCS: 4085551212@text.att.net
Cingular: 4085551212@mobile.mycingular.com
T-Mobile: 4085551212@tmomail.net
Nextel: 4085551212@messaging.nextel.com
Virgin Mobile: 4085551212@vmobl.com
Qwest: 4085551212@qwestmp.com
SRA Overview | 47