- Users must have an Authenticator app installed on their devices that can scan a QR code (such as Google Authenticator, Microsoft Authenticator, or Authy)
- Make sure the GreenRADIUS server time is accurate. Refer to our date and time configuration guide.
- In GreenRADIUS, in the Global Configuration tab > User Portal screen, make sure the following settings are configured under the "OATH Software tokens" section:
- Allow token self-registration: "Yes"
- Token status on assignment: "Enabled"
- OATH algorithm for soft tokens: "TOTP"
- It is recommended to configure a token label in GreenRADIUS so that users can distinguish their Authenticator app token from other tokens they may have in their app (for personal accounts, etc.). To configure the token label, navigate to the Configuration tab under the GreenRADIUS domain, then enter the token label in the "Token Label Prefix for Google Authenticator" field.
- In a web browser, navigate to the Self Service
https://<ip address of GRVA>/.
Click the "Assign a Token" button. You will then be prompted to log in with your username and password. (If you already have a token assigned, you will be prompted to log in with your assigned token as well.)
Once you have logged in, select the "Google Authenticator" option at the top of the screen.
- Using your Authenticator app of choice, scan the QR code. Once you do, it will be displayed as a token in the app:
- In the browser, click Proceed. (This is an extremely important step, as clicking Proceed registers the token in GreenRADIUS.) You will be prompted to verify your new Authenticator token by entering the current OTP:
- Once the token is assigned, you will see a success message:
- You can now use your Authenticator token as a second factor.
© 2022 Green Rocket Security Inc. All rights reserved.