Skip to main content
日本語 简体中文 繁體中文

[Access Control] How to Set Up OTP for Administrator Login

Target

  • Administrator of Access Control
  • Administrator configuring One-Time Password (OTP) for admin login

Purpose

  • This explains how an Administrator of Access Control can require an OTP (One-Time Password) in addition to an ID and Password when logging in.

Notes

  1. The content of this article is based on the product as of July 2025 and may be updated without notice thereafter.
  2. When this procedure is implemented, all users belonging to the configured Access Policy Group will require an OTP at login. Ensure that OTP is configured for all target users before starting operations.
  3. In case of loss of a mobile device or inability to enter OTP, it is recommended to store an emergency OTP.
    ※ For issuing an emergency OTP, refer to the section "Using the 'Emergency OTP Token'" in the article below.
    [Access Control] OTP Issuance Method and Expiration Date
  4. If the Access Policy for administrators and users is the same, setting OTP will require OTP for login for all users to whom the policy applies. Change the administrator's Access Policy according to requirements.
    [Access Control] Creating / Editing Access Policy Groups
    [Access Control] Assigning Access Policy Groups to Users

Procedure

1. Access [Access Control] - [Access Policy Groups] from the Administration screen.

2. Check the target policy and perform one of the following procedures depending on the presence of an administrator policy.

※ If the policy setting is [Never allow OTP to be skipped] or [Allow OTP to be skipped when], OTP is already configured, so this procedure is unnecessary.

If an Access Policy Group for administrators exists
※ This is the procedure to modify an existing Access Policy. Perform this if the initial setup is complete.

If an Access Policy Group for administrators does not exist
※ This is the procedure to set up a new Access Policy. Perform this if the initial setup is not complete.

If an Access Policy Group for administrators exists

1. Open the Access Policy Group for administrators and confirm that [Change OTP shared key] and [Change OTP notification email] are [Always allow] or [Allow when] and that the current access source is allowed.
※ If it is set to [Never allow], change it to [Always allow] and press [Save Changes].
※ If your security policy limits OTP settings to either OTP app or email, only allow the corresponding setting.

2. Select [User Portal] from the menu at the top right of the Administration screen.

3. Click [OTP (One-Time Password) Settings] from the menu at the top right of the portal screen to configure OTP.

※ For detailed setup procedures, please refer to the articles below.

4. Return to the Administration screen and issue an emergency OTP token for the administrator account in the Edit User screen.

If OTP configuration fails, login with the emergency OTP will be required. Be sure to issue and keep it.

5. Edit the Access Policy Group for administrators.

※ For detailed editing procedures, please refer to the article below.
[Access Control] Creating / Editing Access Policy Groups

The settings are as follows:

  • [Skip OTP authentication]: Never allow OTP to be skipped

6. Log out from the Access Control portal screen.

7. Confirm that you can log in to the Access Control Administration screen using OTP with the administrator account.

※ For a login image, please refer to the article below.
[Access Control] Login Image Using One-Time Password

If an Access Policy Group for administrators does not exist

1. In the Access Control Administration screen, create a new Access Policy Group for administrators.

※ For detailed creation procedures, please refer to the article below.
[Access Control] Creating / Editing Access Policy Groups

Configure as follows and press [Save].

  • [Display Name]: "Administrator Access Rule" etc.
    ※ Set an optional display name.
  • [Condition to allow access]: Set according to your security policy.
  • [Skip OTP authentication]: Always allow OTP to be skipped
    ※ If you make it mandatory before setting OTP, you will not be able to log in. Please be careful.
  • [Change OTP shared key]: Always allow
  • [Change OTP notification email]: Always allow
  • [Allowed services]: Check all

※ If your security policy limits OTP settings to either OTP app or email, only allow the corresponding setting.

2. Assign the created Access Policy Group to the administrator.

※ For detailed assignment procedures, please refer to the article below.
[Access Control] Assigning Access Policy Groups to Users

In the Edit User screen, configure the following items.

  • [Access Policy] - [Access Policy Group]: Select the Access Policy Group created in step 1.
  • [OTP] - [OTP emergency token]: "Add new"
    ※ If OTP configuration fails, you will not be able to log in, so be sure to issue and keep it.
    ※ For emergency OTP, refer to the section "Using the 'Emergency OTP Token'" in the article below.
    [Access Control] OTP Issuance Method and Expiration Date

3. Select [User Portal] from the menu at the top right of the Administration screen.

4. Click [OTP (One-Time Password) Settings] from the menu at the top right of the Access Control portal screen to configure OTP.

※ For detailed setup procedures, please refer to the articles below.

5. Return to the Administration screen and configure OTP in the Access Policy Group for administrators.

※ For detailed creation procedures, please refer to the article below.
[Access Control] Creating / Editing Access Policy Groups

Configure as follows and press [Set as Expiring].

  • [Skip OTP authentication]: Always allow OTP to be skipped → Never allow OTP to be skipped

6. Log out from the Access Control portal screen.

7. Confirm that you can log in to the Access Control Administration screen using OTP with the administrator account.

※ For a login image, please refer to the article below.
[Access Control] Login Image Using One-Time Password