Requirements
—Ironchip App installed and configured on your device
—Sophos deployed and installed correctly.
Configuration
Go to the Sophos administration panel, and enter the “authentication” section.
Within this section, go to “Multifactor Authentication”, and activate and configure the OTP in this tab.
1— Select whether the OTP is not used, is used, or is used for specific groups and users.
2— Activate this option so that users have to configure the OTP at the next login.
3— Select which services use OTP.
To use OTP with the Administrator account, after configuring these settings, go to Administration, and in that section go to Device Access.
Scroll down to the MFA section, and “activate MFA for the default administrator”.
When you click the “Apply” button, a window will appear in which you must select the option, generate a software token.
A QR code would appear that you should scan with the Ironchip application from the OTP section, and write the administrator's password and the OTP code on the same line: <password><000000>
-png.png?width=639&height=353&name=imageedit_24_9700464173%20(1)-png.png)
From now on, every time a user with OTP authentication enabled goes to enter any of the services configured with OTP, they will have to write the password and the OTP code on the same line: <password><000000>.
Common Errors
Correct Credentials but Denied Access
When logging in, if a user and password+otp are correct, but still does not allow entry, follow these steps:
Go to the Sophos administration panel, and enter the “authentication” section.
-gif-1.gif?width=487&height=967&name=imageedit_2_3780101532%20(1)-gif-1.gif)
Within this section go to “Multifactor Authentication”, and at the end of the page you will find a list of users with OTP enabled.
Click on the synchronization icon of the affected user.
You will have to enter the OTP code for that user account, and execute the synchronization.
