McAfee Enterprise MVISION Cloud

About One-time Passwords

One-time passwords (OTPs) can be processed on Secure Web Gateway to authenticate users. This includes the use of passwords for authorized overriding when a web session has terminated due to quota expiration.

When a user sends a request for web access, authentication is first performed using one of the other authentication methods that are available on Secure Web Gateway, for example, authentication based on information stored in the internal user database.

If the use of one-time passwords is configured, this authentication method is performed as a second step. Secure Web Gateway informs the user that a one-time password is also needed for web access. When the user requests such a password, Secure Web Gateway forwards the user name to a Skyhigh Security One Time Password (OTP) server and asks the server to provide a password.

If the request is granted, the Skyhigh Security OTP server returns a one-time password, which is, however, not exposed to Secure Web Gateway. In its response, the OTP server also includes what is called "context" information in a header field.

The context information activates the password field and the submit button on the page that was presented to the user. The user can then click the button, which submits the one-time password and lets the user access the requested web object.

To implement the use of one-time passwords on Secure Web Gateway, you can import a rule set from the rule set library. After importing the rule set, default settings are provided, which you can configure to adapt them to the needs of your network.

The settings that need to be configured include the IP address or host name of the OTP server and the port on this server that listens for requests from Secure Web Gateway.

A user name and password for Secure Web Gateway to authenticate to the OTP server are also required.

If the communication between Secure Web Gateway and the OTP server should be SSL-secured, you need to import a certificate for use in this communication.

The OTP server must be configured for working with Secure Web Gateway to handle the authentication process.

One-time passwords for authorized overriding

When quota restrictions are imposed on web usage from within your network, a one-time password can be used as the password that is required to override the termination of a web session due to quota expiration.

To implement the use of one-time passwords for authorized overriding, you can import a different rule set from the library, which also allows you to configure the settings for the authentication process.

Using one-time passwords from a McAfee Pledge device

One-time passwords for authenticating users or performing an authorized override can be provided by a Skyhigh Security Pledge device.

To enable this method of using one-time passwords for the authentication process, you need to implement suitable rule sets, which you can import from the rule set library. Settings for the authentication process are implemented with the import.

For more information on working with a Skyhigh Security Pledge device, refer to the documentation for this product.
