4.12.8 Time-based OTP (TOTP) Authentication

A Time-based One-time Password (TOTP) is a time-sensitive code used in two-factor authentication (2FA) to provide an extra layer of security for online accounts. It's generated by an algorithm that combines a shared secret key and the current time to produce a unique, short-lived code, displayed in the ZTrust authenticator app.

To configure TOTP authentication, follow the steps below:

  1. Go to the Authentication tab in the sidebar.

    Fig 4.12.8.a: Navigating to the Authentication section

  2. Click on the kebab menu (three dots) on the right side of the browser flow. Select Duplicate. A popup will appear.

    Fig 4.12.8.b: Duplicating the existing browser flow

  3. Provide a Name for the flow, "Time based OTP". Click Duplicate. You will be redirected to the new flow configuration.

    Fig 4.12.8.c: Giving a name to the new browser flow for TOTP login

    Fig 4.12.8.d: Duplicated browser flow configuration page for TOTP login

  4. Delete everything under Time based OTP forms.

    Fig 4.12.8.e.a: TOTP browser flow configuration page before deleting executions

    Fig 4.12.8.e.b: TOTP browser flow configuration page after deleting executions

  5. Click on the plus icon on the right side of the Time based OTP forms. Select Add Execution. A popup will appear to select an execution.

    Fig 4.12.8.f: Proceeding to add a new execution to TOTP login flow

  6. Search for Advanced Token Authenticator, select it and click Add.

    Fig 4.12.8.g: Select 'Advanced Token Authenticator' execution to add

    Fig 4.12.8.h: Added TOTP login execution

  7. Click on the settings menu (gear icon) on the right side of the Advanced Token Authenticator. A popup will appear to configure the TOTP settings.

    Fig 4.12.8.i: Proceeding to configure TOTP login

  8. Provide an Alias. Set Number of digits in Token code, Token Code period (in seconds), and Secure Key, then click Save.

    Fig 4.12.8.j: Configuring TOTP login

  9. Change the Requirement of the Advanced Token Authenticator from Disabled to Required. This ensures the execution runs whenever the flow is activated.

    Fig 4.12.8.k: Changing the 'Requirement' of TOTP login

  10. Click Actions at the top right of the page, then select Bind flow. A popup will appear.

    Fig 4.12.8.l: Proceeding to bind the TOTP login flow

  11. Select the Browser flow as the binding type and click Save.

    Fig 4.12.8.m: Selecting a flow to bind TOTP login to

Time-based OTP authentication is now enabled.
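
The following is an added example, not ZTrust's own code: it shows how the three settings from step 8 (number of digits, code period, secret key) feed the standard RFC 6238 computation, and how a verifier can tolerate clock drift while rejecting replayed codes. It assumes the Advanced Token Authenticator follows RFC 6238 with HMAC-SHA1; the `window` and `last_step` parameters are hypothetical verifier options, and the key is the published RFC 6238 test key, not a value to use in production.

```python
import hashlib
import hmac
import struct

# RFC 6238 Appendix B test key (public test vector, never use as a real secret).
RFC_TEST_KEY = b"12345678901234567890"


def totp(secret: bytes, at: float, digits: int = 6, period: int = 30) -> str:
    """Compute the RFC 6238 code (HMAC-SHA1) for Unix time `at`."""
    counter = int(at) // period                      # elapsed time steps since epoch
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)   # keep leading zeros


def verify(secret: bytes, submitted: str, at: float, digits: int = 6,
           period: int = 30, window: int = 1, last_step: int = -1):
    """Return the matched time step, or None if the code is rejected.

    window    -- time steps of clock drift accepted on each side (assumed option)
    last_step -- highest step already accepted for this user; codes from that
                 step or earlier are refused so a captured code cannot be reused
    """
    now_step = int(at) // period
    matched = None
    for step in range(max(0, now_step - window), now_step + window + 1):
        expected = totp(secret, step * period, digits, period)
        # Constant-time comparison on bytes; no early exit from the loop.
        same = hmac.compare_digest(expected.encode(), submitted.encode())
        if same and step > last_step:
            matched = step
    return matched


if __name__ == "__main__":
    code = totp(RFC_TEST_KEY, 59, digits=8)
    print("code at t=59:", code)
    print("accepted one period later:", verify(RFC_TEST_KEY, code, 89, digits=8))
    print("accepted three periods later:", verify(RFC_TEST_KEY, code, 119, digits=8))
    print("replay refused:", verify(RFC_TEST_KEY, code, 59, digits=8, last_step=1))
```

A shorter period or a smaller window narrows the time in which an intercepted code remains valid, at the cost of more rejections for users whose device clocks drift.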
