Two-Factor Authentication (TOTP) for PC Type Devices - icom Connectivity Suite - VPN


To increase security, devices of type PC can be set up with password authentication or with two-factor authentication using a password and TOTP.

Two-factor authentication adds a further security level to the certificate-based login with password protection by requiring an additional one-time password. The one-time password is generated by an app on a separate device (e.g. a smartphone) using the TOTP (Time-based One-time Password) algorithm. For the setup, the app delivering the TOTP must be synchronized once with the device of type PC in the icom Connectivity Suite. This can be done directly during setup by the administrator or by another person using a temporary link. TOTP is an open standard, and a variety of apps are available for various platforms, such as the open-source software FreeOTP. Because the one-time passwords are generated from the current time and are valid only for a limited time, the clock on the separate device must be accurate and synchronized regularly.

To create a device of type PC with password authentication or with two-factor authentication using password and TOTP, proceed as described in this Configuration Guide and check the options marked OPTIONAL there accordingly.

Please note!

The device can only connect to the icom Connectivity Suite - VPN once the two-factor authentication setup has been completed. If a link has been sent to a third person for this purpose, this person must open the link before it expires and complete the setup. After the deadline has expired, the device must be deleted and recreated for a new registration.

If only password authentication has been set up, the password must be entered to establish the connection.

If two-factor authentication has been set up using password and TOTP, the password and a one-time password must be entered to establish the connection.

Deactivating the authentication!

It is no longer possible to deactivate authentication. If additional authentication is no longer required, the device must be deleted and added again without authentication.