OTP Token Authentication failed

Hi Folks,

I played around with the OTP token and the corresponding Sophos App, but I get always a login failed. Did anyone get this Working?

I was adding a new OTP token for a normal user, scanned the QR-Code and tried to login with:

User: username

Pass: password and append the OTP Code

I also tried to synchronize the token but never was able to do so.



  • Niko,

    on which service are you testing OTP? I was able to test OTP on user portal with no issue.


  • In reply to lferrara:

    Hi Luk,

    I was testing on the SSL VPN Portal.



  • In reply to NikoAusländer:

    Hi Niko,

    Can you try by doing offset synchronization like below:

    Let me know the status after that.

  • In reply to NikoAusländer:

    Hi Niko

    I tested the OTP on the lat Sophos XG v16 Update and it works on these tree Services.

    SSL VPN, User portal, Webadmin

    Tri to delete and reconfigure the OTP for your User on the last v16 upgrade.


  • In reply to prateek.singh:

    Hi Prateek,

    of course I tried it, I get an error message: "timeoffset could not be determind". I use the Sophos iOS App to scan the QR code and generate the token.

    It`s strange...

  • In reply to NikoAusländer:

    I'm having the same problem here but in my case, I'm using Microsoft Authenticator on Windows Mobile 10 (which works great for some other services).

    Initial setup in the user portal works fine, even the OTP sync is working (resulting 0sec offset) but login fails afterwards.

    I've tried it using my regular account name, as I did without OTP and even with the account name, the Authenticator is telling me (username@XG's FQDN)...

  • In reply to oxident:

    OTP is still acerb in my opinion.

    User portal works for few minutes if OTP is enabled as wrote.

    Also enabling OTP the Sophos Authentication Agent stops working.

    OTP has to be improved compared to UTM9.

    Hope you plan to do it soon. At moment I am telling to my customers to keep OTP disabled.

  • In reply to lferrara:

    Thanks Luk for clarifying this. Then I'll treat it as a bug ;-)