Requirements

You will need the following to perform the operations described in this technical note:

Prior connection of the SNS firewall to a directory

The SNS firewall must be connected to a directory so that it can display the lists of users and user groups in its modules. This connection makes it possible to select the users and user groups required to authenticate with a TOTP when the TOTP solution is configured.

You can check this connection in the SNS firewall's web administration interface in Configuration > Users > Authentication, Available methods tab. An LDAP, Kerberos or RADIUS line should appear, depending on whether your SNS firewall is directly connected to an LDAP directory or whether it uses a specific protocol for authentication. For more information, refer to the section on Authentication in the SNS v4 user manual.

Permissions to access the SNS firewall’s captive portal

The SNS firewall’s captive portal must be enabled and users who are required to authenticate with a TOTP must be able to access it. This is because users are enrolled through the captive portal.

You can check the configuration of the captive portal in the SNS firewall's web administration interface in Configuration > Users > Authentication, Captive portal and Captive portal profiles tabs. For more information, refer to the section on Authentication in the SNS v4 user manual.

Allowing users to generate TOTPs

All users who are required to authenticate with a TOTP must have an application on their browsers or mobile devices allowing them to generate TOTPs. You can use, for example, Google Authenticator, Microsoft Authenticator or Authenticator for Firefox.

In this technical note, applications with which TOTPs can be generated are referred to as Authenticators.