Reference Guide
Multi-Factor Authentication
OTP Configuration for TACACS+ Manager
MFA can also be used with the TACACS+ Manager. To activate OTP for TACACS+ Manager:

Prerequisite: Admin and users have the QR code, installed the Single Connect mobile app, scanned the QR code with the mobile app, and OTP is enabled for the user group that will be using MFA for TACACS+ connections (see the related sections of this guide).

1. Connect to Single Connect CLI from the SSH client as a Single Connect admin user.

2. Stop TACACS+ function with the command below (do not close the SSH session):

    systemctl stop kron tacacs

3. Log in to the Single Connect web GUI.

4. Navigate to Administration > TACACS Management.

5. Click the Search button and, from the options menu, delete the configuration.

6. In the SSH session, edit the "kron tacacs conf" file with the command:

    vi /u01/kron/etc/kron tacacs conf

7. Check the configuration file to see if the parameter below is already configured in it. If not, add the lines below. If there is a hash (#) sign in front of the parameters, delete the hash (#) sign to activate the parameter. If the parameter value is "false", change it to "true".

To type or add anything in the vi editor, first press the Insert button on the keyboard, then type in the necessary line. Press Esc to exit typing mode. To save the file, press Esc, then colon (:), type in "wq!" and press Enter. If you do not want to save the changes to the file, press Esc, then colon (:), then type in "q!" and press Enter.

The red text below (shown here in angle brackets) may need to be changed for the purposes of Single Connect installation. If the default values are acceptable for the installation, the red text does not need to be added at all.

    otp {
    enabled = 1;
    host = <OTP endpoint webserver IP>;
    port = <OTP endpoint webserver port, default value 80>;
    cache interval = 300;
    num digits = 6;
    ssl = <1 if the OTP endpoint webserver is working on HTTPS, default value 0>;
    path status = <path of the otpstatus service, default value /twofactorauth ui/rest/tfa/otpstatus>;
    path valid = <path of the otpvalid service, default value /twofactorauth ui/rest/tfa/otpvalid>;
    }

8. Restart the TACACS+ function:

    systemctl restart kron tacacs
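
A check that can be run on the edited file contents before restarting the TACACS+ function, as an added example that is not part of the original guide or of Single Connect. It flags the cases the procedure above tells you to fix: parameters still behind a hash (#) sign and values left at "false". The function name check_otp_block and the sample values are assumptions, and the parser assumes the "otp { key = value; }" syntax shown above.

```python
import re

# Constructed sample in the syntax shown on this page; not from a real system.
SAMPLE = """\
otp {
#enabled = 1;
host = 192.0.2.10;
port = 80;
ssl = false;
}
"""

# Optional leading '#', then "key = value" with an optional trailing ';'.
PARAM = re.compile(r"^(#*)\s*([^=#{}]+?)\s*=\s*(.*?)\s*;?$")

def check_otp_block(text):
    """Return (line_number, message) findings for the otp { ... } block."""
    findings, active, in_block, seen = [], {}, False, False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not in_block:
            if re.match(r"^#+\s*otp\s*\{", line):
                findings.append((no, "otp block is commented out"))
            elif re.match(r"^otp\s*\{", line):
                in_block = seen = True
            continue
        if line.startswith("}"):
            in_block = False
            continue
        m = PARAM.match(line)
        if not m:
            continue
        hashes, key, value = m.groups()
        if hashes:
            findings.append((no, f"'{key}' is commented out"))
        else:
            active[key] = value
            if value.lower() == "false":
                findings.append((no, f"'{key}' is set to false"))
    # Block-level findings use line number 0.
    if not seen:
        findings.append((0, "no active otp block found"))
    elif in_block:
        findings.append((0, "otp block is not closed"))
    elif active.get("enabled", "").lower() not in ("1", "true"):
        findings.append((0, "'enabled' is not active in the otp block"))
    return findings

if __name__ == "__main__":
    for no, msg in check_otp_block(SAMPLE):
        print(f"line {no}: {msg}" if no else msg)
```

An empty result means the block is present, closed, has an active enabled parameter, and contains no commented-out or "false" parameters.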