OTP Generation

End users wishing to generate One Time Passwords must have configured their RADIUS server with an OTP address in the server configuration section and mfa credentials in the mfa section. RADIUS server runs its own HTTP server, allowing them to issue One Time Passwords for their registered User IDs so they can be used to log into the RADIUS client. It authenticates to MIRACL Trust Portal through OIDC protocol.

server:
  address: :1812
  otp_address: :8000
mfa:
  global:
    client_id: <YOUR_CLIENT_ID>
    client_secret: <YOUR_CLIENT_SECRET>

When the user opens the OTP address in their browser for the first time, they are navigated to the login page to create a User ID:

registration

They enter their email and follow the instructions to verify it:

verification

The user needs to open their email and click the verification URL. A screen to enter their PIN is displayed:

create-pin

After entering and confirming their PIN, a simple page with an OTP is displayed:

otp

Note that this page can be styled with the desired configuration as described here.

Now, every time the user opens the OTP page, they are requested to enter their PIN to create a new OTP for login. They can bookmark it for any time they need to generate OTPs in the future.