<ahref="https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm"class="urlextern"title="https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm"rel="nofollow">Time based One Time Password</a> (TOTP) is an algorithm that computes a one-time password from a shared secret key and the current time. This is currently what <ahref="https://en.wikipedia.org/wiki/Google_Authenticator"class="urlextern"title="https://en.wikipedia.org/wiki/Google_Authenticator"rel="nofollow">Google Authenticator</a> or <ahref="https://freeotp.github.io/"class="urlextern"title="https://freeotp.github.io/"rel="nofollow">FreeOTP</a> use.
</p>
<p>
LLNG can propose to users to register this kind of software to increase authentication level.
</p>
<divclass="notetip">Note that it's a second factor, not an authentication module. Users are authenticated by both login form and TOTP.
In the manager (advanced parameters), you just have to enable it:
</p>
<ul>
<liclass="level1"><divclass="li"> TOTP ⇒ Activation: set it to “on”</div>
</li>
<liclass="level1"><divclass="li"> TOTP ⇒ Self registration: set it to “on” <em>(to display this application on the menu, create an application that points to <ahref="https://auth.your.domain/totpregister.html"class="urlextern"title="https://auth.your.domain/totpregister.html"rel="nofollow">https://auth.your.domain/totpregister.html</a>)</em></div>
<liclass="level1"><divclass="li"> TOTP ⇒ Authentication level: you can overwrite here auth level for TOTP registered users. Leave it blank keeps auth level provided by first authentication module <em>(default: 2 for user/password based modules)</em>. <strong>It is recommended to set an higher value here if you want to give access to some apps only to users enrolled</strong></div>
<liclass="level1"><divclass="li"> TOTP ⇒ Issuer: default to portal hostname</div>
</li>
<liclass="level1"><divclass="li"> TOTP ⇒ Interval: interval for TOTP algorithm (default: 30)</div>
</li>
<liclass="level1"><divclass="li"> TOTP ⇒ Range: number of additional intervals to test (default: 1)</div>
</li>
<liclass="level1"><divclass="li"> TOTP ⇒ Digits: number of digit of codes (default: 6)</div>
</li>
</ul>
<divclass="noteimportant">If you want to use a custom rule for “activation” and want to keep self-registration, you must include this in your rule that <code>$_totp2fSecret</code> is set, else TOTP will be required even if users are not registered. This is automatically done when “activation” is simply set to “on”.
If you've enabled self registration, users can get their key using <ahref="https://portal/totpregister.html"class="urlextern"title="https://portal/totpregister.html"rel="nofollow">https://portal/totpregister.html</a>