If you are planning to use on-demand password, e.g. Deepnet T-pass, and your VPN system supports RADIUS Challenge/Response, then you should consider deploying a Two-Step logon procedure. However, you can deploy the on-demand password in a One-Step logon procedure, if you have to.
In a One-Step logon process with an On-Demand password, users will be asked to enter their password when they attempt to logon.
Where do users get their On-Demand passwords? DualShield provides two options that help users to get their on-demand passwords.
Pre-Delivery
The T-Pass authenticator in DualShield will automatically send a new password to the user each time when the user has successfully logged in. Pre-Delivery is a policy option in T-Pass Policy:
The very first password has to be pushed out by the administrator to the user from the Management Console or by the user from Self-Service Console. Subsequently, users can use the passwords received after previous logins.
Delivery by Commands
Users can request a password to be sent in real time by entering a T-Pass delivery command. The T-Pass command has to be entered in the "user name" field:
A T-pass command starts with ">" character, followed by one of the following commands and the username itself.
- >sms
- >text
- >tweet
- >call
- >phone
>sms & >text commands are for sending OTP via SMS text message
>email commands is for sending OTP by email message
>tweet is for sending OTP by twitter direct message
>call & >phone are for sending OTP by voice over telephone calls
If the T-Pass policy requires static password authentication prior to sending OTP, then the user must also enter their static password in the password field.
Users will wait for the password to arrive and then make another attempt to logon and use the password just received.