Configuring a MAC one-time password mechanism

A one-time password is valid for one session or login. The MAC password is generated by Security Verify Access and can be delivered to the user through Short Message Service (SMS) or e-mail.

About this task

This task describes the steps and properties for configuring a MAC mechanism. For information about configuring other providers, see:

Procedure

  1. Log in to the local management interface.
  2. Click AAC.
  3. Under Policy, click Authentication.
  4. Click Mechanisms.
  5. Click MAC One-time Password.
  6. Click Modify.
  7. Click the Properties tab.
    1. Select a property that you want to configure.
    2. Click Modify.
    3. Enter the value for that property.
    4. Click OK.
  8. Take note of the properties for the mechanism.
    MAC
    Password Character Set
    The character set from which the characters in the one-time password are generated.

    The default is 0123456789.

    Password Length
    The length of the characters in the one-time password.

    The default is 6.

    Store Entry Hash Algorithm
    The hash algorithm that is used for hashing the one-time password before it is stored in the one-time password store plug-in. The supported algorithms are:
    • SHA1
    • SHA-256
    • SHA-512

    The default is SHA-256.

    Store Entry Lifetime (seconds)
    The length of time that the one-time password is stored. The lifetime is in seconds.

    The default is 300.

    Delivery Selection Template Page
    Override the path of the delivery selection template page that displays the list of methods for generating, delivering, and verifying the one-time password. This allows the page branding or user experience to be customized.

    If no path is specified, the default path /authsvc/authenticator/macotp/delivery_selection.html is used.

    Login Template Page
    Override the path of the login template page that displays the form where the user can enter the MAC one-time password. This allows the page branding or user experience to be customized.

    If no path is specified, the default path /authsvc/authenticator/macotp/login.html is used.

    Error Template Page
    Override the path of the error template page that displays errors during the MAC one-time password authentication. This allows the page branding or user experience to be customized.

    If no path is specified, the default path /authsvc/authenticator/macotp/error.html is used.

    Email Delivery Template
    The path of the XML template to use for the email message. If no path is specified, the default path /otp/delivery/email_message.xml is used.
    SMS Delivery Template
    The path of the XML template to use for the SMS message. If no path is specified, the default path /otp/delivery/sms_message.xml is used.
  9. Click Save.
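
The following Python sketch is an added example, not Security Verify Access code: it models how the Password Character Set, Password Length, Store Entry Hash Algorithm, and Store Entry Lifetime properties from step 8 interact. It assumes a hypothetical in-memory store (`OtpStore`) and draws characters from a CSPRNG rather than reproducing the product's MAC-based generation, which this page does not describe.

```python
import hashlib
import hmac
import secrets
import time

# Property defaults as listed on this page.
CHARSET = "0123456789"   # Password Character Set
LENGTH = 6               # Password Length
HASH_ALG = "sha256"      # Store Entry Hash Algorithm (SHA-256; hashlib name)
LIFETIME = 300           # Store Entry Lifetime (seconds)


def generate_otp(charset=CHARSET, length=LENGTH):
    """Draw each character from the configured set with a CSPRNG."""
    return "".join(secrets.choice(charset) for _ in range(length))


def keyspace(charset=CHARSET, length=LENGTH):
    """Number of distinct passwords: (distinct characters) ** length."""
    return len(set(charset)) ** length


class OtpStore:
    """Hypothetical store: keeps only the hash and an expiry time per user."""

    def __init__(self, hash_alg=HASH_ALG, lifetime=LIFETIME, clock=time.time):
        self.hash_alg, self.lifetime, self.clock = hash_alg, lifetime, clock
        self.entries = {}  # user -> (digest, expires_at)

    def _digest(self, otp):
        return hashlib.new(self.hash_alg, otp.encode()).digest()

    def put(self, user, otp):
        self.entries[user] = (self._digest(otp), self.clock() + self.lifetime)

    def verify(self, user, candidate):
        entry = self.entries.get(user)
        if entry is None:
            return False
        digest, expires_at = entry
        if self.clock() >= expires_at:
            del self.entries[user]      # expired: drop the entry
            return False
        if hmac.compare_digest(digest, self._digest(candidate)):
            del self.entries[user]      # one-time: consume on success
            return True
        return False
```

With the defaults, `keyspace()` is 1,000,000, small enough that a stored hash can be matched by hashing every candidate, so the short Store Entry Lifetime limits exposure more than the choice of hash algorithm does.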

What to do next

When you configure one-time password providers, a message indicates that changes have not been deployed. If you have finished making changes, deploy them. For more information, see Deploying pending changes.

Next, consider configuring the delivery methods for the one-time password. Both SMS and email delivery are enabled, but you will want to configure the delivery properties, such as the SMTP server or connection URL, for your environment. See Configuring one-time password delivery methods.