One-time passwords (OTPs) are passwords that can only be used once in a predefined time frame, usually just minutes. You can configure the Barracuda SSL VPN to send the OTP to users by either email or SMS. OTPs do not require any special hardware or infrastructure. Any device that receives email or SMS can be used to receive the OTP.
- To configure the Barracuda SSL VPN to send OTPs by email, configure the SMTP server and the OTP settings.
- To configure the Barracuda SSL VPN to send the OTPs by SMS, configure the SMTP server, the OTP settings, and an SMTP to SMS service.
Prerequisites for sending OTPs by SMS
If you want to send OTPs by SMS:
- You must have an account for an SMTP to SMS service that can send SMS to cell phones in your country
- Determine the address format for sending SMS over email. Each service provider uses a different format.
- Every user must have the mobile.number attribute set.
Step 1. Configure the SMTP server
Configure the SMTP server that will be used to send the OTPs.
- Select the user database that you want to configure the SMTP server for. To configure an SMTP server for all user databases, select Global View.
- Go to the Manage System > BASIC > Configuration page.
- In the SMTP section, enter the settings for your SMTP server.
- Click Save Changes.
Step 2. Configure the OTP settings
Specify when OTPs are sent, how they are sent, and what kind of OTPs are generated by the Barracuda SSL VPN.
- Go to the Manage System > ACCESS CONTROL > Security Settings page.
- In the One-Time Password section, configure the following settings:
- Send Mode – Select At Login to send the OTP during user logins.
- Method of password delivery – You can select either Email to send the OTP via email or SMS over Email to send the OTP to users' cell phones.
- Generation Type – Select the type of OTP that you want the appliance to generate. If you experience problems with character encoding in your emails or SMS, select ASCII.
- Click Save Changes.
If you configured the Barracuda SSL VPN to send OTPs by email, no additional configurations are required. When the appliance sends an OTP, it obtains the email address of the user from the user database.
Step 3. (If sending OTPs via SMS) Configure the SMTP to SMS service
If you configured the Barracuda SSL VPN to send the OTPs by SMS, provide the information required to connect with the SMTP to SMS service that you are using.
- Open the Manage System > ACCESS CONTROL > Configuration page.
- In the SMS section, enter the following information, depending on the requirements of your SMTP to SMS service provider:
- SMS Gateway Address – The email address for the SMS gateway. A common example would be:
${userAttributes.mobileNumber}@example.com
- SMS Provider Credentials – Usually the credentials and the text are entered here.
- SMS Gateway Address – The email address for the SMS gateway. A common example would be:
- Click Save Changes.
Next Steps
Add the OTP authentication to your authentication scheme. For more information, see Authentication Schemes.