OTP Token Administration

Hi  Horst Schippmann,

Login to the firewall as Admin account with Read-Write access and navigate to SYSTEM > Profile > Device access : you should be able to create new Device access profile or modify existing profile. 

If you only wants to enable delete,create or reset OTP tokens for the group of the users and other settings as Read-only, select Authentication under Read-write.

Reference Screenshot:

Thanks,

Many thanks for Your answer.

I am a little bit concerned about the other tabs in the Authentication Point.

The token-admins must not be allowed to reset user-passwords or manage authenticacion servers.  

I will check that soon with our customer, and let You know.

Best regards,

Horst

Many thanks for Your answer.

I am a little bit concerned about the other tabs in the Authentication Point.

The token-admins must not be allowed to reset user-passwords or manage authenticacion servers.  

I will check that soon with our customer, and let You know.

Best regards,

Horst

I just checked the configuration. If I allow Identity -> Authentication in the admin-profile as shown, this user can administer the whole Authentication.

He is able to add or remove users from the user-tab or change the authenticaton services. This is not acceptable.

He should only allowed to administer Tokens - Nothing else.

Any additional suggestions?

Best regards,

Horst

Hi Horst Schippmann 

I did replicate the issue and I am able to block features such as Add and Delete new users, but it did enable access to Servers and Services.

I tried with other options as well but it appears that there is no such option to only control OTP tokens.

I would suggest you to create feature request at Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Thanks,

Thanks a lot for Your Help. 

This is exact the state, that I found myself. You acknowlegded this. 

By now we have to manage all new/changed/lost tokens by request from the customer.

This brings a lot of delay because of ticket creation and completion.

I will create a feature request. Maybe its not to do on the XG itself, but creating a kind of a client. 

I think for now we can close this topic.

Kind regards,

Horst

H_Patel said:

Hi Horst Schippmann 

I did replicate the issue and I am able to block features such as Add and Delete new users, but it did enable access to Servers and Services.

I tried with other options as well but it appears that there is no such option to only control OTP tokens.

I would suggest you to create feature request at Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Thanks,

 

H_Patel said:

Hi Horst Schippmann 

I did replicate the issue and I am able to block features such as Add and Delete new users, but it did enable access to Servers and Services.

I tried with other options as well but it appears that there is no such option to only control OTP tokens.

I would suggest you to create feature request at Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Thanks,

 

H_Patel said:

Hi Horst Schippmann 

I did replicate the issue and I am able to block features such as Add and Delete new users, but it did enable access to Servers and Services.

I tried with other options as well but it appears that there is no such option to only control OTP tokens.

I would suggest you to create feature request at Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Thanks,

 

H_Patel said:

Hi Horst Schippmann 

I did replicate the issue and I am able to block features such as Add and Delete new users, but it did enable access to Servers and Services.

I tried with other options as well but it appears that there is no such option to only control OTP tokens.

I would suggest you to create feature request at Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Thanks,