Generating a One-Time Password by Approvers
When a user requests a one-time password to access a Client computer, the user's request is sent to the email addresses of the trusted users (i.e. Approvers) specified while adding or editing the Client (or Client group) on the Authentication Options tab, in the Two-Factor and Secondary Authentication section, in the Users Who can Approve Access drop-down list).
The user's request is also displayed on the Access Requests tab of the Access Requests page.
NOTE: If either the "Automatically send one-time passwords to Active Directory users" checkbox or the "Automatically send one-time passwords to internal users" checkbox is enabled, the corresponding types of users receive the one-time password automatically, without requiring approval.
An Approver can then process a request to generate a one-time password either by clicking the link in an email received or on the Access Requests tab, and the password is then generated and sent to the user’s email address automatically.
By default, if a user's password request is not processed (by an Approver) within 30 minutes after it has been submitted, the request will automatically expire (where this setting can be changed on the System Settings tab on the Configuration page).
NOTE: For an internal user to receive the one-time password correctly, make sure that a valid email address is defined on the User Details tab when editing or adding the user.
To generate a one-time password, by approving a request on the Access Requests tab, do the following:
1. Log in to the Management Tool as the user who has been listed as an Approver for the request.
2. Click the Access Requests navigation link (on the left).
3. On the Access Requests page, on the Access Requests tab, click the Approve link next to the required one-time password request (on the right).
5. Optionally, enter a comment, and then click Confirm.
6. A one-time password is then generated and sent to the user's email address automatically.
Alternatively, to generate a one-time password without a request from a user on the Access Requests tab, do the following:
1. Log in to the Management Tool.
2. Click the Access Requests navigation link (on the left).
3, On the Access Requests page, click the Access Requests tab, and then select Generate Password in the drop-down list.
4. The One-Time Password Generation pop-up window opens.
5. Enter or select the following parameters and then click Generate:
• Client name: Select the required Client from the drop-down list.
• User name: Enter the user name for local users, or enter the domain name for Active Directory users.
• User’s confirmation email: Enter the user’s email address, which the one-time password generated will be sent to.
• Comment: Enter your own comment or use the default one (the default value is: Generated without request.).
6. The one-time password is then generated and sent to the user's email address specified automatically.