Enabling TOTP in the rules of the authentication policy
You can enable TOTP for individual rules in the authentication policy. Users who authenticate through these rules must then enter a TOTP during authentication.
IMPORTANT
Ensure beforehand that affected users can access the captive portal. Otherwise, they will neither be able to enroll for TOTP nor authenticate (see Requirements).
-
Go to Configuration > Users > Authentication, Authentication policy tab.
-
Select the checkbox in the One-time password column for the desired rules, and for which the method is compatible with TOTP (see Requirements). You can also adapt the current authentication policy by creating rules that apply to specific user groups.
During authentication, rules will be scanned in the order of their appearance in the list, so remember to organize them logically by using the Up and Down buttons.
-
Click on Apply.