cancel
Showing results for 
Search instead for 
Did you mean: 

Need for exporting users from a a few TOTP (Google Authenticator) Servers

Occasional Contributor

Need for exporting users from a a few TOTP (Google Authenticator) Servers

I have looked everywhere in our Pulse Secure MAG2600 (8.2R9) as well in the PSA3000 (8.3R6) but can't find this option.
Exporting the Config and importing it, does show that the users are there.
But this overwrites the entire config. Not what I wanted.
Export in XML does not seem to export the users of the TOTP (It does contain the TOTP configuration though). Can't find them anyway with a find in the XML code.

Can someone shed some light on this?

3 REPLIES 3
Contributor

Re: Need for exporting users from a a few TOTP (Google Authenticator) Servers

This is a comment and not an answer.

In XML there is no information about keys or secrets. That kind of information usually leave inside the export config.

Because the id of an OTP is the secret of that authentication mechanism it should never be reveled in the XML file.

I think PS should make a especial import (like exists for the certificates) to make this migrations possible.

Occasional Contributor

Re: Need for exporting users from a a few TOTP (Google Authenticator) Servers

Not true.

In XML you already have the encrypted-password for the Local Auth Servers. So there is information for the Local Auth Servers, but not for the TOTP Auth Servers.
You can use this to import the Local users with their password. What is the difference with the TOTP servers? None: In both cases you should have the ability to export this. Or following your logic, create something special for the Local and TOTP Users.

Suppose you would wanna split your current SSLVPN-cluster in two different clusters (Company splitting up for example). That would mean exporting your Local and TOTP Users and importing them in 2 different clusters, some auth servers on either this or that Cluster... At the moment the only way to do it, would be to binary export, then charge it on the two systems and remove all the unwanted stuff afterwards. This could be a huge issue if the cluster was already existing and you needed to add some of the information to it...

Could someone of Pulse Secure shed a light on this?

Moderator

Re: Need for exporting users from a a few TOTP (Google Authenticator) Servers

Unfortunately, yes, there is no way to move TOTP between servers