ULTIMATE
Feature Deprecation
Please note that the Policies feature, including OTP Policy configuration, was deprecated in qibb v1.43.0 and will be removed in qibb v1.45.0.
Functionality will be replaced by a custom configuration request via our service desk (Ultimate subscription required). Ultimate customers can request login and policy configuration through a support ticket. Otherwise, default configuration will apply based on industry best practices.
TOTP (Time-based One Time Password) is one of the supported two-factor authentication methods which works together with a companion app installed on the user's mobile device.
Currently, the following mobile apps are supported for two-factor authentication processes:
|
Mobile App |
Download |
|---|---|
|
Google Authenticator |
|
|
FreeOTP Authenticator |
|
|
Microsoft Authenticator |
How does OTP work?
The token generator will hash the current time and a shared secret. The server validates the OTP by comparing all the hashes within a certain window of time to the submitted value. TOTPs are only valid for a short window of time (defined by the OTP Token period).
OTP Policy Options
The following parameters can be defined to adjust the OTP policy:
|
|
Description |
|---|---|
|
OTP Type |
The Type of OTP. Currently, only Time-based OTP is supported. |
|
OTP Hash Algorithm |
The hashing algorithm which will be used to generate the OTP. |
|
Number of Digits |
The number of digits the OTP should have. |
|
Look Ahead Window |
Defines how far ahead should the server look just in case the token generator and server are out of sync. |
|
OTP Token Period |
Defines how many seconds an OTP token should be valid. |