Related ArticlesAuthentication SchemesExample - How to Install andConfigure YubiRADIUSSSL Client CertificateAuthenticationHardware Token Authentication using SSL Client CertificatesThe token or smart card contains an SSL client certificate which is used to authenticate to the system. Some vendors require software installed onthe client, or card readers depending on the solution.SafeNet iKey 2032Aladdin eToken PROHardware Token Authentication using RADIUS IntegrationOther hardware token authentication servers use a built-in or external RADIUS server. The Barracuda SSL VPN queries the RADIUS server as apart of its multi factor authentication process. This way OTP and CryptoCard tokens can be used.RSA SecurIDVASCO Digipass TokenSecure Computing SafewordSafeNet iKeyThis product uses a small USB device typically carried on your key chain. It uses SSL client certificates to present a certificate to the BarracudaSSL VPN. The user also has to enter a secret pass phrase, further improving security. The client computer must have a special utility (CIP)installed, which uploads the certificate on the USB token to the windows certificate store. The browser then uses this certificate whenauthenticating to the Barracuda SSL VPN.Aladdin eToken PROSimilar to the SafeNet iKey the Aladdin eToken uses an SSL client certificate to authenticate. It also uses a special software, which has to bemanually installed on every client computer.RSA SecurIDRSA SecurID uses its built-in RADIUS server to enable communication between the appliance and the RSA server. In combination with an ActiveDirectory user database this method is especially powerful as account management may be centrally managed with both the appliance and RSAAuthentication Manager reading accounts from your Active Directory domain.VASCO DigipassA VASCO server can authenticate with the Barracuda SSL VPN via an external RADIUS server. The VASCO server currently does not include aRADIUS server.Secure Computing SafewordSafeword servers include a RADIUS feature that can be used to authenticate to the Barracuda SSL VPN. Note that Safeword requires an ActiveDirectory database and Internet Authentication Server (IAS) installed on the Domain Controller.How to Configure One-Time Password (OTP) AuthenticationOne-time passwords (OTPs) are passwords that can only be used once in a predefinedtime frame, usually just minutes. You can configure the Barracuda SSL VPN to sendthe OTP to users by either email or SMS. OTPs do not require any special hardware orinfrastructure. Any device that receives email or SMS can be used to receive the OTP.To configure the Barracuda SSL VPN to send OTPs by email, configure theSMTP server and the OTP settings.To configure the Barracuda SSL VPN to send the OTPs by SMS, configure theSMTP server, the OTP settings, and an SMTP to SMS service.