DualShield provides the flexibility that allows you to control how your users should be authenticated. Users can be authenticated with the Static Password (AD Password) only, or One-Time Password only or both the Static Password and One-Time Password (Two-Factor Authentication). In DualShield, how the users are authenticated is controlled by the Logon Procedure.
Static Password
Let us start with the simple Static Password authentication. In the beginning, we created a logon procedure for Astaro UTM with one logon step that contains just Static Password, as below:
Test Logon
Access your user portal by navigating to: https://<YourAstariUTMsIP>
Enter your username and AD password
One-Time Password
Let us now change the logon procedure so that users will be required to authenticate with One-Time Password only.
In the DualShield Management Console, edit the logon procedure for your Astaro Security Gateway UTM application and change the authenticator to “One-Time Password” as below:
Test Logon
You need to assign an One-Time Password token to the test user.
Access your user portal. In the Password field, enter a One-Time Password generated from the user’s token.
Two-Factor Authentication
Now, let us enable two-factor authentication. We will change the logon procedure so that users will be required to authenticate with Static Password followed by One-Time Password, i.e. Static Password + One-Time Password.
In the DualShield Management Console, edit the logon procedure for your Astaro Security Gateway UTM application and change the authenticator to “One-Time Password” as below:
Test Logon
Access your user portal. In the Password field, enter the user’s AD password followed by an One-Time Password generated from the user’s token.
