Two-Factor Authentication (TOTP) for PC Type Devices - icom Connectivity Suite - VPN

  • Updated on Nov 20, 2024
  • Published on Nov 6, 2024
Prev Next

A two-factor authentication using TOTP can be set up for devices of the type PC to increase security.

The two-factor authentication adds another security level to the login via the (with or without password protection) certificate by requiring the additional input of a one-time password. The password will be generated by an app on a separate device (e.g. smartphone) via the TOTP (Time-based One-time Password) algorithm. During setup, the app delivering the TOTP must be synchronized (one-time) with the device of type PC in the icom Connectivity Suite. TOTP is an open standard and a variety of apps are available for various platforms such as the Open Source software FreeOTP. Since the one-time passwords are generated time-based and only valid for a limited time, it is necessary that the time on the separate device is accurate and synchronised regularly.

Note regarding the user interface!

The two-factor authentication can currently only be configured on the classic user interface. See this note.

Proceed as follows to enable the two-factor authentication for the device of the type PC.

Prerequisites

You are logged in to the icom Connectivity Suite - VPN

The device for which two-factor authentication is to be enabled is already created

You have opened the Devices tab

  1. Click on the Manage button () in the row of the device.

  2. Click on the Setup TOTP for this device button.

  3. Scan the displayed QR code using the TOTP app.

  4. Generate the one-time password in the app and enter it in the icom Connectivity Suite - VPN.

  5. Click on Setup One Time Password.

  6. Click on the Download button () in the row of the device.

  7. Import this configuration file in the OpenVPN client of your PC and initiate a connection.

  8. Enter the following for authenticating the connection:
    User name: insys
    Password: a one-time password from your TOTP app

    Private key password: the password for the certificate that has been entered when creating the device of the type PC– if no password has been configured here, the certificate is not password-protected and no key will be requested

The OpenVPN client connects to the icom Connectivity Suite.

Proceed as follows to disable the two-factor authentication for the device of the type PC.

Prerequisites

You are logged in to the icom Connectivity Suite - VPN

The two-factor authentication is enabled for the device concerned

You have opened the Devices tab

  1. Click on the Manage button () in the row of the device.

  2. Click on the Disable TOTP for this device button.

You have disabled the two-factor authentication for this device again.

Please note!

After disabling the two-factor authentication, you have to download the configuration file again and import it in the OpenVPN client of your PC again. If a password for encrypting the certificate does not exist as well, there will be no authentication for a new connection.

Please note!

If a two-factor authentication is disabled for a device, it should also be deleted from the app. If it is activated again, it needs to be set up in the app again.