1 One Time Passcode (OTP) VPN-New User One Time Passcode (OTP) passcode is provided via a smart phone application (OTP) or phone number and will be required every time you utilize VPN. Before proceeding with the steps below, you will need to decide if you would like to receive your code via voice call, text or the OTP app. If you are reading these instructions and you have already used VPN in the past, please complete the steps in Addendum A before proceeding with the below. Step 1. Passcode Delivery During the initial configuration, it is recommended you perform this within reach of your desk phone as the first passcode you receive will be a voice call to the phone we have in your active directory profile (typically your state issued desk phone). If you do not have access to your phone to answer the call, please follow the below steps to retrieve from voicemail once you follow the process(es) below: 1. Call your VOIP phone number 2. When VM goes to message hit the star key (*), you will next be prompted for your ID number (this is your 10-digit VoIP Phone number (Your number including the area code) 3. You will be prompted for your PIN number (VM Password, which is the same as if you were at your desk). 4. Retrieve the message Option 1: Add an alternate phone number (Encrypted Field) If you’d like to use your state issued or personal mobile phone to receive voice calls or text alerts with your passcode for use with OTP, you can do so by registering the number in the self-service portal. (See Addendum C for screen captures) 1. Open a browser on your laptop or workstation and access https://signon.nh.gov/secureauth39/ Enter your domain login username and submit (if your name exceeds 20 characters, you will need to enter the fully qualified domain name ([email protected]) 2. Choose a delivery method for the passcode. If you find there is no phone number option, please contact the helpdesk during business hours at 271-7555 or follow the instructions in Addendum B to access Outlook Web Access (OWA) and add a work phone number for the initial passcode. Once added, restart this process at Step 1. 3. Enter your domain password and Submit. 4. Enter mobile phone number in the (stored encrypted) field and Update 5. Notification will appear in the upper left side that update was successful 6. Email notification will be sent to confirm the user made the change Option 2: Registering a smart phone (Optional) You can do this at any time from home or from work if you have internet access. This will not expose your phone number. A unique fingerprint of your device is made for this to work, but your number is not saved anywhere. (see Addendum D for screen captures) 1. Open a browser on your laptop or workstation and access https://signon.nh.gov/secureauth37/
10
Embed
One Time Passcode (OTP) VPN-New User€¦ · Option 2: Registering a smart phone (Optional) You can do this at any time from home or from work if you have internet access. This will
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
1
One Time Passcode (OTP) VPN-New User One Time Passcode (OTP) passcode is provided via a smart phone application (OTP) or phone number and will be required every time you utilize VPN. Before proceeding with the steps below, you will need to decide if you would like to receive your code via voice call, text or the OTP app. If you are reading these instructions and you have already used VPN in the past, please complete the steps in Addendum A before proceeding with the below. Step 1. Passcode Delivery
During the initial configuration, it is recommended you perform this within reach of your desk phone as the first passcode you receive will be a voice call to the phone we have in your active directory profile (typically your state issued desk phone). If you do not have access to your phone to answer the call, please follow the below steps to retrieve from voicemail once you follow the process(es) below:
1. Call your VOIP phone number 2. When VM goes to message hit the star key (*), you will next be prompted for your ID number (this is
your 10-digit VoIP Phone number (Your number including the area code) 3. You will be prompted for your PIN number (VM Password, which is the same as if you were at your
desk). 4. Retrieve the message
Option 1: Add an alternate phone number (Encrypted Field) If you’d like to use your state issued or personal mobile phone to receive voice calls or text alerts with your passcode for use with OTP, you can do so by registering the number in the self-service portal. (See Addendum C for screen captures) 1. Open a browser on your laptop or workstation and access https://signon.nh.gov/secureauth39/
Enter your domain login username and submit (if your name exceeds 20 characters, you will need to enter the fully qualified domain name ([email protected])
2. Choose a delivery method for the passcode. If you find there is no phone number option, please contact the helpdesk during business hours at 271-7555 or follow the instructions in Addendum B to access Outlook Web Access (OWA) and add a work phone number for the initial passcode. Once added, restart this process at Step 1.
3. Enter your domain password and Submit. 4. Enter mobile phone number in the (stored encrypted) field and Update 5. Notification will appear in the upper left side that update was successful 6. Email notification will be sent to confirm the user made the change
Option 2: Registering a smart phone (Optional) You can do this at any time from home or from work if you have internet access. This will not expose your phone number. A unique fingerprint of your device is made for this to work, but your number is not saved anywhere. (see Addendum D for screen captures)
1. Open a browser on your laptop or workstation and access https://signon.nh.gov/secureauth37/
a. You will see the QR Code Enrollment form Enter your domain login username and submit. (if your name exceeds 20 characters, you will need to enter the fully qualified domain name ([email protected])
2. Choose a delivery method for the passcode. If you find there is no phone number option, please contact the helpdesk during business hours at 271-7555 or follow the instructions in Addendum A to access Outlook Web Access (OWA) and add a work phone number for the initial passcode. Once added, restart this process at Step 1.
2. Enter the passcode and Submit. 3. Enter your domain password and Submit. 4. Follow the instructions on the form.
a. Install the SecureAuth Authenticate app on your smart phone. b. Use the app to scan the QR code.
Now, when connecting to VPN, you can use the passcode shown in the smart phone app (Authenticate) instead of having it delivered by voice or text.
Step 2. Connect to VPN
Connecting to AnyConnect VPN Click on the AnyConnect icon in the system tray (bottom right corner of your screen) Most AnyConnect installs will have the below window pre-populated with multiple options. Users should be able to select that text and enter the new URL. (Until we go fully live users will need to enter this every time. Eventually the AnyConnect profile will include the new OTP URL in the dropdown list, but this hasn’t been implemented yet). After entering your username and password, select an option to receive your one-time passcode via text/voice call, or enter the time-based passcode from the Authenticate app
1. Navigate to https://vpn.nh.gov/graniteotp. 2. Enter your username and password. 3. You will see a window similar to the one below.
a. If you have registered a smart phone, you will have the option to “Enter a time-based passcode”.
b. You will also see the phone and text messages available for your domain account. If you choose this method, enter the number corresponding to the delivery you would like. In the window below, you would enter 1 for phone delivery, etc.
4
Addendum A
Step 1. Remove All SSL VPN Certs You must remove any SSL VPN certificate (s) you have installed. 1. Open Internet Explorer 2. Open the Tools menu and select Internet Options:
(If you don’t see tools, you can select the gear in the top
right hand corner)
3. Select the Content tab and then the Certificates button:
4. Highlight any SecureAuth G3 certificates and select Remove:
5
5. Select Yes when the pop-up notification appears:
6. Close all open Internet Explorer windows and exit out.
6
Addendum B
To access your state issue email either from Outlook (within the state network) or by logging into
OWA at https://owa.nh.gov/owa with username YOUR DOMAIN/firstname.mi.lastname and your