One Time Passcode (OTP) VPN-New User€¦ · Option 2: Registering a smart phone (Optional) You can do this at any time from home or from work if you have internet access. This will

1

One Time Passcode (OTP) VPN-New User One Time Passcode (OTP) passcode is provided via a smart phone application (OTP) or phone number and will be required every time you utilize VPN. Before proceeding with the steps below, you will need to decide if you would like to receive your code via voice call, text or the OTP app. If you are reading these instructions and you have already used VPN in the past, please complete the steps in Addendum A before proceeding with the below. Step 1. Passcode Delivery

During the initial configuration, it is recommended you perform this within reach of your desk phone as the first passcode you receive will be a voice call to the phone we have in your active directory profile (typically your state issued desk phone). If you do not have access to your phone to answer the call, please follow the below steps to retrieve from voicemail once you follow the process(es) below:

1. Call your VOIP phone number 2. When VM goes to message hit the star key (*), you will next be prompted for your ID number (this is

your 10-digit VoIP Phone number (Your number including the area code) 3. You will be prompted for your PIN number (VM Password, which is the same as if you were at your

desk). 4. Retrieve the message

Option 1: Add an alternate phone number (Encrypted Field) If you’d like to use your state issued or personal mobile phone to receive voice calls or text alerts with your passcode for use with OTP, you can do so by registering the number in the self-service portal. (See Addendum C for screen captures) 1. Open a browser on your laptop or workstation and access https://signon.nh.gov/secureauth39/

Enter your domain login username and submit (if your name exceeds 20 characters, you will need to enter the fully qualified domain name ([email protected])

2. Choose a delivery method for the passcode. If you find there is no phone number option, please contact the helpdesk during business hours at 271-7555 or follow the instructions in Addendum B to access Outlook Web Access (OWA) and add a work phone number for the initial passcode. Once added, restart this process at Step 1.

3. Enter your domain password and Submit. 4. Enter mobile phone number in the (stored encrypted) field and Update 5. Notification will appear in the upper left side that update was successful 6. Email notification will be sent to confirm the user made the change

Option 2: Registering a smart phone (Optional) You can do this at any time from home or from work if you have internet access. This will not expose your phone number. A unique fingerprint of your device is made for this to work, but your number is not saved anywhere. (see Addendum D for screen captures)

1. Open a browser on your laptop or workstation and access https://signon.nh.gov/secureauth37/

2

a. You will see the QR Code Enrollment form Enter your domain login username and submit. (if your name exceeds 20 characters, you will need to enter the fully qualified domain name ([email protected])

2. Choose a delivery method for the passcode. If you find there is no phone number option, please contact the helpdesk during business hours at 271-7555 or follow the instructions in Addendum A to access Outlook Web Access (OWA) and add a work phone number for the initial passcode. Once added, restart this process at Step 1.

2. Enter the passcode and Submit. 3. Enter your domain password and Submit. 4. Follow the instructions on the form.

a. Install the SecureAuth Authenticate app on your smart phone. b. Use the app to scan the QR code.

Now, when connecting to VPN, you can use the passcode shown in the smart phone app (Authenticate) instead of having it delivered by voice or text.

Step 2. Connect to VPN

Connecting to AnyConnect VPN Click on the AnyConnect icon in the system tray (bottom right corner of your screen) Most AnyConnect installs will have the below window pre-populated with multiple options. Users should be able to select that text and enter the new URL. (Until we go fully live users will need to enter this every time. Eventually the AnyConnect profile will include the new OTP URL in the dropdown list, but this hasn’t been implemented yet). After entering your username and password, select an option to receive your one-time passcode via text/voice call, or enter the time-based passcode from the Authenticate app

Connecting to VPN via Browser

3

1. Navigate to https://vpn.nh.gov/graniteotp. 2. Enter your username and password. 3. You will see a window similar to the one below.

a. If you have registered a smart phone, you will have the option to “Enter a time-based passcode”.

b. You will also see the phone and text messages available for your domain account. If you choose this method, enter the number corresponding to the delivery you would like. In the window below, you would enter 1 for phone delivery, etc.

4

Addendum A

Step 1. Remove All SSL VPN Certs You must remove any SSL VPN certificate (s) you have installed. 1. Open Internet Explorer 2. Open the Tools menu and select Internet Options:

(If you don’t see tools, you can select the gear in the top

right hand corner)

3. Select the Content tab and then the Certificates button:

4. Highlight any SecureAuth G3 certificates and select Remove:

5

5. Select Yes when the pop-up notification appears:

6. Close all open Internet Explorer windows and exit out.

6

Addendum B

To access your state issue email either from Outlook (within the state network) or by logging into

OWA at https://owa.nh.gov/owa with username YOUR DOMAIN/firstname.mi.lastname and your

current Windows login password.

Agency OWA URL

Granite Domain OWA includes:

DOE, DAS, DES, Lottery, DOL, DOI, PUC, Banking, Natural &

Cultural Resources, Business and Economic Affairs, Fish and

Game, DRA, Veteran's Home, Agriculture, etc.

NHES - (users must enter "NHES\" before the username in the

Username field),

DHHS (users must enter "DHHS\" before the username in the

Username field),

DOT (users must enter "DOT-JOM\” before the username in

the Username field)

Liquor (users must enter “SPIRITS\” before the username in

the Username field)

https://owa.nh.gov/owa

DOC https://owa.nhdoc.nh.gov/owa

DOJ https://owa.doj.nh.gov/owa

DOS https://owa.dos.nh.gov/owa

1. Select the Settings icon and click Options.

2. Click on General and select My Account.

3. Update Work Phone with the appropriate number

7

Addendum C

1. Open a browser on your laptop or workstation and access https://signon.nh.gov/secureauth39/

Enter your domain login username and submit (if your name exceeds 20 characters, you will need to enter the

fully qualified domain name ([email protected])

2. Choose a delivery method for the passcode.

3. Enter your domain password and Submit.

8

4. Enter mobile phone number in the (stored encrypted) field and Update

5. Notification will appear in the upper left side that update was successful

6. Email notification will be sent to confirm the user made the change

9

Addendum D

1. Open a browser on your laptop or workstation and access https://signon.nh.gov/secureauth37/ You will see the QR Code Enrollment form

Enter your domain login username and submit

2. Choose a delivery method for the passcode

3. Enter the passcode and Submit

10

4. Enter domain password and Submit.

5. Follow on-screen instructions

6. Setup Complete