Configure a MAC one-time password mechanism

A one-time password is valid for one session or login. The MAC password is generated by ISAM and can be delivered to the user through Short Message Service (SMS) or e-mail.

This task describes the steps and properties for configuring a MAC mechanism. For information about configuring other providers, see:

Steps

  1. Log in to the local management interface.
  2. Click AAC.
  3. Under Policy, click Authentication.
  4. Click Mechanisms.
  5. Click MAC One-time Password.
  6. Click Modify.
  7. Click the Properties tab.
    1. Select a property that we want to configure.
    2. Click Modify.
    3. Enter the value for that property.
    4. Click OK.

  8. Take note of the properties for the mechanism.
    MAC
    Password Character Set
    The character set from which the characters in the one-time password are generated.

    The default is 0123456789.

    Password Length
    The length of the characters in the one-time password.

    The default is 6.

    Store Entry Hash Algorithm
    The hash algorithm used for hashing the one-time password before it is stored in the one-time password store plug-in. The supported algorithms are:
    • SHA1
    • SHA-256
    • SHA-512

    The default is SHA-256.

    Store Entry Lifetime (seconds)
    The length of time the one-time password is stored. The lifetime is in seconds.

    The default is 300.

  9. Click Save.

What to do next

When we configure one-time password providers, a message indicates that changes have not been deployed. If you have finished making changes, deploy them. For more information, see Deploying pending changes. Next, consider configuring the delivery methods for the one-time password. Both SMS and Email delivery are enabled but you will want to configure the delivery properties, such as SMTP server or connection URL, for the environment. See Configure one-time password delivery methods.

Parent topic: Authentication