You can enable users to scan a Centrify generated QR code (using a third party authenticator application or the Centrify application) to authenticate to Privileged Access Service. A one-time-passcode (OTP) is displayed and users can use that OTP to log in to Privileged Access Service. You can direct users to Using OTPs to authenticate.
Additionally, you can upload existing OATH tokens and allow users to authenticate using the one-time passcode generated from those tokens. See Importing OATH tokens in bulk.
Important: You must configure an authentication rule with the OATH OTP mechanism enabled in the associated authentication profile for the relevant policy. If you do not have this configured, users will not be able to authenticate using the QR code. See Creating authentication rules.
To enable the OTP policy
- Log in to Admin Portal
- Click Access > Policies.
- Select a policy set or create a new one.
- Click User Security Policies > OATH OTP.
- Select Yes in the Allow OATH OTP Integration drop down.
- Click Save.
- Enable users to configure an OATH OTP client.
Click User Account Settings.
The User Account Setting window opens.
- Select Yes in the Enable user to configure an OATH OTP client.
- Enter a user-friendly name (for example the name of the OTP client used by your organization) in the OATH OTP Display Name text field. This name is what users will see.
- Select an authentication profile to require users to provide additional authentication before they can access the QR code.
- Click Save.