Configuring IBM Verify Gateway for RADIUS for SMS message with an OTP

In password-then-transsmsotp, the user provides their IBM® Security Verify password. Then, an SMS message with an OTP value is sent to the phone number in the user's profile. A RADIUS challenge requests the OTP value.

Before you begin

The password-then-transsmsotp value you set for auth-method must match the authentication method you set for users in IBM Security Verify.

Procedure

  1. In the installation directory on your Windows system where you installed IBM Verify Gateway for RADIUS, edit the IbmRadiusConfig.json configuration file to set the auth-method to password-then-transsmsotp:
    {
        "address":"::",
        "port":1812,
        "trace-file":"c:/directory-name/ibm-auth-api.log",
        "ibm-auth-api":{
            "client-id":"client-id",
            "client-secret":"client-secret",
            "protocol":"https",
            "host":"hostname.ice.ibmcloud.com",
            "port":443,
            "max-handles":16
        },
        "clients":[
            {
                "name":"hostname.company.com",
                "address": "ip-address",
                "secret":"your-secret",
                "auth-method":"password-then-transsmsotp"
            }
        ]
    }
  2. Save the changes.
  3. In password-then-transsmsotp authentication, the login flow is as follows:
    1. The user must provide their IBM Security Verify password.
    2. An SMS message with an OTP value is sent to the phone number in the user's profile.
      Your passcode is: 9131-963017.
      It expires in 5 minutes.
      
    3. The user must enter the OTP value, 963017 in this example, in response to the ENTER MFA INFORMATION prompt and press Enter to continue.
      ICH70008I IBM MFA Message:
                Enter OTP 9131:963017
      IKJ56469I ENTER MFA INFORMATION:
      Enter the OTP value in the Password field if TSO pre-prompt is not enabled.
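
A pre-deployment check for the file edited in step 1, as an added example that is not IBM's code: it parses IbmRadiusConfig.json and reports clients whose auth-method is not password-then-transsmsotp, sample placeholder values left in place, short shared secrets, and a non-https API protocol. It assumes each client entry carries its own auth-method as in the sample above; the function name, the 16-character minimum (taken from the RFC 2865 preference) and the sample data are assumptions of this example.

```python
import json

# Placeholder strings from the documentation sample; a deployed file should not contain them.
PLACEHOLDERS = {"", "client-id", "client-secret", "your-secret"}
MIN_SECRET_LEN = 16  # assumption: RFC 2865 prefers a shared secret of at least 16 octets

def lint_radius_config(text, expected_method="password-then-transsmsotp"):
    """Return a list of findings for the text of an IbmRadiusConfig.json file."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        # A truncated or hand-edited file fails here instead of at gateway start-up.
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    findings = []
    api = cfg.get("ibm-auth-api", {})
    if api.get("protocol") != "https":
        findings.append("ibm-auth-api: protocol is not https")
    for key in ("client-id", "client-secret"):
        if api.get(key, "") in PLACEHOLDERS:
            findings.append(f"ibm-auth-api: {key} is empty or a placeholder")
    clients = cfg.get("clients", [])
    if not clients:
        findings.append("clients: no RADIUS clients defined")
    for i, client in enumerate(clients):
        name = client.get("name", f"#{i}")
        method = client.get("auth-method")
        if method != expected_method:
            findings.append(f"client {name}: auth-method is {method!r}, expected {expected_method!r}")
        secret = client.get("secret", "")
        if secret in PLACEHOLDERS:
            findings.append(f"client {name}: secret is empty or a placeholder")
        elif len(secret) < MIN_SECRET_LEN:
            findings.append(f"client {name}: secret is shorter than {MIN_SECRET_LEN} characters")
    return findings

# Constructed sample (not a real deployment): one clean client, one misconfigured.
SAMPLE = json.dumps({
    "ibm-auth-api": {"client-id": "3f1c-example", "client-secret": "client-secret",
                     "protocol": "https", "host": "tenant.example.invalid", "port": 443},
    "clients": [
        {"name": "vpn-a", "address": "192.0.2.10", "secret": "k9!Vq2#xT7mB4wZp8Ld",
         "auth-method": "password-then-transsmsotp"},
        {"name": "vpn-b", "address": "192.0.2.11", "secret": "your-secret",
         "auth-method": "some-other-method"},  # constructed value, not a documented method
    ],
})

if __name__ == "__main__":
    for finding in lint_radius_config(SAMPLE):
        print(finding)
```
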