Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Need for exporting users from a a few TOTP (Google Authenticator) Servers

Mario
Occasional Contributor
‎08-31-2018 01:30:AM
‎08-31-2018 01:30:AM

Need for exporting users from a a few TOTP (Google Authenticator) Servers

I have looked everywhere in our Pulse Secure MAG2600 (8.2R9) as well in the PSA3000 (8.3R6) but can't find this option.
Exporting the Config and importing it, does show that the users are there.
But this overwrites the entire config. Not what I wanted.
Export in XML does not seem to export the users of the TOTP (It does contain the TOTP configuration though). Can't find them anyway with a find in the XML code.

Can someone shed some light on this?

0 Kudos
3 REPLIES 3
flipPipe
Frequent Contributor
‎09-17-2018 03:04:AM
‎09-17-2018 03:04:AM

Re: Need for exporting users from a a few TOTP (Google Authenticator) Servers

This is a comment and not an answer.

In XML there is no information about keys or secrets. That kind of information usually leave inside the export config.

Because the id of an OTP is the secret of that authentication mechanism it should never be reveled in the XML file.

I think PS should make a especial import (like exists for the certificates) to make this migrations possible.

0 Kudos
Mario
Occasional Contributor
‎09-17-2018 05:48:AM
‎09-17-2018 05:48:AM

Re: Need for exporting users from a a few TOTP (Google Authenticator) Servers

Not true.

In XML you already have the encrypted-password for the Local Auth Servers. So there is information for the Local Auth Servers, but not for the TOTP Auth Servers.
You can use this to import the Local users with their password. What is the difference with the TOTP servers? None: In both cases you should have the ability to export this. Or following your logic, create something special for the Local and TOTP Users.

Suppose you would wanna split your current SSLVPN-cluster in two different clusters (Company splitting up for example). That would mean exporting your Local and TOTP Users and importing them in 2 different clusters, some auth servers on either this or that Cluster... At the moment the only way to do it, would be to binary export, then charge it on the two systems and remove all the unwanted stuff afterwards. This could be a huge issue if the cluster was already existing and you needed to add some of the information to it...

Could someone of Pulse Secure shed a light on this?

0 Kudos
zanyterp
Moderator
Moderator
‎03-06-2019 09:18:AM
‎03-06-2019 09:18:AM

Re: Need for exporting users from a a few TOTP (Google Authenticator) Servers

Unfortunately, yes, there is no way to move TOTP between servers
0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.