Managing TOTP-enrolled users

This chapter explains how to manage TOTP-enrolled users (status, resetting TOTP enrollments, validity of TOTPs, etc.).

NOTE
The operations explained in this chapter must be performed when the user is logged in to the SNS firewall’s web administration interface at: https://firewall_IP_address/admin.

Checking whether a user is enrolled for TOTP

  1. Go to Configuration > Users > Users.

  2. Click on Filter > Users.

  3. Enrolled users are shown with a green check next to their name in the TOTP column. Check the TOTP enrollment status of the user in question.

SNS firewall users window

Checking the validity of a user's TOTP

If a user encounters issues while authenticating with a TOTP, you can check the validity of the TOTPs that they use.

  1. Go to Configuration > Users > Users.

  2. Click on Filter > Users.

  3. Click on the user in question.

  4. Under TOTP, in the TOTP code to be verified field, enter the code in question. If the TOTP section does not appear, this means that the user is not enrolled for TOTP on this SNS firewall.

  5. Click on Check use.

    A message will indicate whether the code is currently valid. Even if a TOTP no longer appears in the user's Authenticator, it may still remain valid for some time, depending on the settings in the TOTP advanced configuration (see Adding and configuring TOTP as an authentication method).

Window to check the validity of a TOTP
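Why a code that no longer appears in the Authenticator can still be accepted comes down to the tolerance window the verifier applies around the current time step. The following Python example is added here for illustration and is not Stormshield code; the step length (30 s) and tolerance (one step on either side) are assumed values, not the SNS advanced-configuration defaults, which this page does not state.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the Unix time and the time step."""
    return hotp(secret, at_time // step, digits)


def verify_totp(secret: bytes, code: str, at_time: int, step: int = 30,
                tolerance: int = 1, digits: int = 6) -> bool:
    """Accept `code` if it matches the current time step or any step within +/- tolerance.

    The tolerance is what keeps a code valid after it has rotated out of the
    Authenticator display: with step=30 and tolerance=1 (assumed values), a code
    stays accepted for up to 30 s after the app stops showing it.
    """
    current = at_time // step
    for delta in range(-tolerance, tolerance + 1):
        expected = hotp(secret, current + delta, digits).encode()
        if hmac.compare_digest(expected, code.encode()):
            return True
    return False


def last_accepted_time(generated_at: int, step: int = 30, tolerance: int = 1) -> int:
    """Latest Unix time at which a code generated at `generated_at` is still accepted."""
    return (generated_at // step + tolerance + 1) * step - 1


# Constructed demo secret: the RFC 6238 reference key (ASCII "12345678901234567890").
DEMO_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    t0 = 1111111109
    code = totp(DEMO_SECRET, t0)
    print(f"code at t={t0}: {code}")
    print("accepted 29 s later (previous step):", verify_totp(DEMO_SECRET, code, t0 + 29))
    print("accepted 60 s later (two steps old):", verify_totp(DEMO_SECRET, code, t0 + 60))
    print("valid until:", last_accepted_time(t0))
```

Tightening the tolerance shortens how long a rotated-out code is accepted, at the cost of rejecting users whose phone clock drifts by more than one step.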

Resetting a user’s TOTP enrollment

NOTE
The user must be connected with the admin account to reset the enrollment of an administrator.

  1. Go to Configuration > Users > Users.

  2. Click on Filter > Users.

  3. Click on the user in question.

  4. Under TOTP, click on Reset user's enrollment.

  5. Click on OK.

  6. Ask the user to delete the corresponding account from their Authenticator and to follow the TOTP enrollment procedure all over again.

Window to reset a user’s TOTP enrollment

Resetting the TOTP enrollment of all users (resetting the TOTP database)

NOTE
The user must be connected with the admin account to reset the TOTP database.

  1. Go to Configuration > Users > Authentication, Available methods tab.

  2. Click on TOTP (2FA SNS).

  3. Under Advanced configuration, click on Reset the TOTP database.

  4. Click on Next.

  5. Ask all users to delete the corresponding account from their Authenticator and to follow the TOTP enrollment procedure all over again.

Window to reset a user’s TOTP enrollment

Showing and deleting orphan users from the TOTP database

Orphan users are those that exist in the TOTP database but cannot be found in any of the LDAP directories configured on the SNS firewall. You can display the list of orphan users and delete them from the TOTP database.

  1. Go to Configuration > Users > Authentication, Available methods tab.

  2. Click on TOTP (2FA SNS).

  3. Under Advanced configuration, click on Show TOTP orphans.

    The list of users who have not authenticated in the past 3 months (and who cannot be found in the LDAP directories) will appear in the window.

  4. To change the last-authentication date used to build the list of orphan users, click on Chosen date and select the desired date.

  5. Click on Remove. This operation will delete from the TOTP database all orphan users currently shown in the list.

Window to reset a user’s TOTP enrollment