4.13.8 Time-based OTP (TOTP) Authentication

A Time-based One-time Password (TOTP) is a time-sensitive code used in two-factor authentication (2FA) to provide an extra layer of security for online accounts. It's generated by an algorithm that combines a shared secret key and the current time to produce a unique, short-lived code, displayed in the ZTrust authenticator app.

To configure the TOTP Authentication, follow the below steps -

1. Go to the Authentication tab in the sidebar.

   

   Fig. 4.12.8.a: Navingating to Authentication section

2. Click on the kebab menu (three dots) on the right side of the browser flow. Select Duplicate. A popup will appear.

   

   Fig 4.12.8.b: Duplicating the existing browser flow

3. Provide a Name for the flow, "Time based OTP". Click Duplicate. You will be redirected to the new flow configuration.

   

   Fig 4.12.8.c: Giving a name to the new browser flow for TOTP login

   

   Fig 4.12.8.d: Duplicated browser flow configuration page for TOTP login

4. Delete everything under Time based OTP forms.

   

   Fig 4.12.8.e.a: TOTP browser flow configuration page before deleting executions

   

   Fig 4.12.2.e.b: TOTP browser flow configuration page after deleting executions

5. Click on the plus icon on the right side of the Time based OTP forms. Select Add Execution. A popup will appear to select an execution.

   

   Fig 4.12.8.f: Proceeding to add a new execution to TOTP login flow

6. Search for Advanced Token Authenticator, select it and click Add.

   

   Fig 4.12.8.g: Select 'Advanced Token Authenticator' execution to add

   

   Fig 4.12.8.h: Added TOTP login execution

7. Click on the settings menu (gear icon) on the right side of the Advanced Token Authenticator. A popup will appear to configure the TOTP settings.

   

   Fig 4.12.8.i: Proceeding to configure TOTP login

8. Provide an Alias. Set Number of digits in Token code, Token Code period(in seconds), Secure Key and click Save.

   

   Fig 4.12.8.j: Configuring TOTP login

9. Change Requirement of the Advanced Token Authenticator from Disabled to Required. This will set the flow to be executed when the flow is activated.

   

   Fig 4.12.8.k: Changing the 'Requirement' of TOTP login

10. Click on the Actions, on the top right of the page, and then Bind flow. A popup will appear.

    

    Fig 4.12.8.l: Proceeding to bind the TOTP login flow

11. Select the Browser flow as the binding type and click Save.

    

    Fig 4.12.8.m: Selecting a flow to bind TOTP login to

The Time-based OTP Authentication is enabled now.