One-Time Password

One-Time Password: encrypted information containing login accounts and passwords. Currently, in scenarios such as helping clients troubleshoot problems or verifying during system upgrades, supporting staff may need to log in to the client's environment with plaintext account and password information. This may lead to risks such as sharing, storing locally, or leaking account passwords. Therefore, the One-Time Password feature is provided so that Supporting staff can log into the client's environment for work without accessing the real password, within the authorized time range granted by the client.

Version Description

The One-Time Password is a new feature added in SBP 1.4

Business Process Introduction

One-Time Password Business Process

Using the login link of the One-Time Password, you can log in without accessing the client's real password.

Note: This feature is only applicable for customer environments connected to the external network.

Function Introduction

The entire One-Time Password job process involves 4 parts:

• SBP
• Offline
• BPM
• Xinfeng

Below we will provide a detailed introduction to the SBP and Xinfeng systems

SBP Configuration Entrance

• The current login account in the upper right corner> Diagnosis Tool > One-Time Password
• You can control whether to enable this feature for a customer's environment through the command line.
• This feature is not controlled by permission points. Once activated in an environment, it is visible to all users in that environment.

SBP Configuring One-Time Password

• Click on "One-Time Password" to bring up the pop-up window for creating a One-Time Password:

• When you click Submit, a judgment is required:
  • Have all required fields been filled in?
  • Has the compliance statement been checked?
  • The expiration time cannot be earlier than the start time.
  • If all of the above checks are passed, a success popup will appear; guiding the customer to fill in the QR code or token of the one-time password in the trustbee system. The QR code can be downloaded and the token can be copied or viewed. Trustbee system is a hyperlink that can directly open the "Add One-Time Password" drawer in a new page and automatically pass the token information to improve customer operation efficiency.
  • Note: If the customer's environment cannot access the external network, clicking on the trustbee system will jump to a prompt page indicating that the network is not accessible.

• A user can only have one self-created one-time password at the same time. If the current account has created a one-time password, when clicking on the "One-time Password" function again, a popup to view the one-time password will be displayed:
  • One-time password account
  • Start time, year/month/day hour:minute:second
  • End time, year/month/day hour:minute:second
  • System access address,
  • Password information: QR code can be downloaded, token can be copied or viewed.
  • The one-time password can be "terminated in advance". After the operation, a secondary confirmation will appear before the termination takes effect.

Trustbee login

• Login address: https://support.sensorsdata.cn/login
• Supports two login methods: mobile phone number and email; it is recommended to use the mobile phone number login first; if the customer does not have a domestic mobile phone number, email login can be used.
• Before logging in, the customer needs to provide the phone number or email to the Sensors Analytics staff for registration in BPM in advance; otherwise, it cannot be logged in.
• Verification code is required when logging in: Mobile phone number login method will receive the verification code through SMS; Email login method will receive the verification code through email.

• Note: Mobile phone numbers and email addresses cannot be bound. The same person will be treated as two different users when logging in with a mobile phone number and an email separately.

  

Manage one-time password

• After logging in successfully, select the "Authorization Information" > "One-Time Password" menu; you can view, add, invalidate, and edit one-time password information
• You can view the added data that is within the authorization validity period in the one-time password menu list.
• Add a one-time password:
  • Click to show the sliding drawer, and adding is divided into two steps: In the first step, you need to select the adding method: QR code or token (you can get this information after configuring the one-time password in SBP). After filling in, click Next.
  • When clicking Next, the system will verify whether the token can be resolved, whether the customer corresponding to the token is the same as the one to which the login account belongs, and whether the token has been submitted before. After all the above verifications pass, the next step will be entered, and the resolved token information will be displayed and notes can be added.
  • After the user confirms that the resolved information is correct, click Submit to successfully record the one-time password in the Sensors Data system.

• If you no longer want a certain one-time password to be obtained by Sensors Data service personnel even if it is within the authorization validity period, you can click to invalidate it. After the confirmation, the information will be deleted and cannot be obtained by Sensors Data personnel again.
• Because the one-time password information is automatically obtained by the system, only the note can be edited.

SBP One-Time Password Login

• After configuring the one-time password information in the Sensors Data system, Sensors Data personnel will obtain the login link through the internal system and access the login page in the customer's environment, so as to login without touching the customer's real password.

Permission Control

• This function is not subject to permission control. Once it is enabled in an environment, it can be seen by all users in that environment.
• The function whether to enable it in a customer environment can be controlled through the command line.