Managing OTP Policies
ULTIMATE
Feature Deprecation
Please note that the Policies feature, including OTP Policy configuration, was deprecated in qibb v1.43.0 and will be removed in qibb v1.45.0.
Functionality will be replaced by a custom configuration request via our service desk (Ultimate subscription required). Ultimate customers can request login and policy configuration through a support ticket. Otherwise, default configuration will apply based on industry best practices.
TOTP (Time-based One Time Password) is one of the supported two-factor authentication methods which works together with a companion app installed on the user's mobile device.
Currently, the following mobile apps are supported for two-factor authentication processes:
Mobile App | Download |
|---|---|
Google Authenticator | |
FreeOTP Authenticator | |
Microsoft Authenticator |
How does OTP work?
The token generator will hash the current time and a shared secret. The server validates the OTP by comparing all the hashes within a certain window of time to the submitted value. TOTPs are only valid for a short window of time (defined by the OTP Token period).
OTP Policy Options
The following parameters can be defined to adjust the OTP policy:
Description | |
|---|---|
OTP Type | The Type of OTP. Currently, only Time-based OTP is supported. |
OTP Hash Algorithm | The hashing algorithm which will be used to generate the OTP. |
Number of Digits | The number of digits the OTP should have. |
Look Ahead Window | Defines how far ahead should the server look just in case the token generator and server are out of sync. |
OTP Token Period | Defines how many seconds an OTP token should be valid. |