OTP Token Administration

OTP tokens generate one-time passcodes which, when used in combination with your log in details, provide a two-factor authentication system, increasing the security for your Adestra account.

You can manage users' OTP tokens by selecting the relevant users in the Admin section and then the Access Restrictions tab.

On this page:

Each token is assigned to an individual user, and once assigned, must be associated with that user's account.

Associate an OTP token

You can associate a particular token with a particular user by selecting the Associate OTP token link.

Associating a token requires only two steps; entering the serial number and an OTP code.

The serial number is the 13-digit number on the back of the token. You will then need to 'PRESS' the token to generate a one-time passcode, and enter this before clicking 'Submit'.

The token will then be listed as assigned in the Access Restrictions page for the user, with the serial number displayed.

Re-sync token

A count is kept for every time a user's token is pressed to generate a passcode, and the number of times they log in to Adestra. If the token is pressed by accident, and passcodes are generated without being used to log in, the token will become out of sync with Adestra. Each successful log in will re-sync the token, but if the token is accidentally pressed too many times, the user will not be able to log in to Adestra. When this happens the token will need to be re-synced manually, which you can do by clicking the 'Re-sync token' link.

You will need to generate two passcodes from the out-of-sync token, and enter these into the required fields before clicking 'Save'. This will re-sync the token, and the user will be able to log in again.

Disassociate token

Disassociating an OTP token means that the user will no longer need a one-time passcode to log in. However, if they are required by an access restriction to use an OTP token, they will be prompted to associate a token the next time they log in.

You can disassociate a token from a user using the 'Disassociate token' link. Clicking the link will prompt you to confirm that you wish to disassociate the token from the user.

Access Restrictions

OPT tokens can be incorporated into IP access restrictions placed on a user. For example, you may wish to restrict a user to require an OTP token when they log in to Adestra in particular locations. For more examples and to learn how to set up IP restrictions, see the Access Restrictions topic.