Managing OTP Policies
ULTIMATE
TOTP (Time-based One Time Password) is one of the supported two-factor authentication methods which works together with a companion app installed on the user's mobile device.
Currently, the following mobile apps are supported for two-factor authentication processes:
Mobile App | Download |
|---|---|
Google Authenticator | |
FreeOTP Authenticator | |
Microsoft Authenticator |
How does OTP work?
The token generator will hash the current time and a shared secret. The server validates the OTP by comparing all the hashes within a certain window of time to the submitted value. TOTPs are only valid for a short window of time (defined by the OTP Token period).
Configuring the OTP Policy of your organization
As an admin, you can configure the OTP policy, which is used for the validation of one-time passwords.
To configure the OTP policy, perform the following steps:
Navigate to the Policies page.
Click on the OTP tab.
Click on the Edit OTP Policies button in the top right corner.
A dialog will appear. Apply the desired changes and click on the Confirm button.
The new policy will be immediately applied.
OTP Policy Options
The following parameters can be defined to adjust the OTP policy:
Description | |
|---|---|
OTP Type | The Type of OTP. Currently, only Time-based OTP is supported. |
OTP Hash Algorithm | The hashing algorithm which will be used to generate the OTP. |
Number of Digits | The number of digits the OTP should have. |
Look Ahead Window | Defines how far ahead should the server look just in case the token generator and server are out of sync. |
OTP Token Period | Defines how many seconds an OTP token should be valid. |