Time based One Time Password (TOTP) is an algorithm that computes a one-time password from a shared secret key and the current time. This is currently what Google Authenticator or FreeOTP use.
LLNG can propose to users to register this kind of software to increase authentication level.
In the manager (advanced parameters), you just have to enable it:
$_totp2fSecret
is set, else TOTP will be required even if users are not registered. This is automatically done when “activation” is simply set to “on”.
If you've enabled self registration, users can get their key using https://portal/totpregister.html
If a user lost its key, you may remove it's persistent session using the session explorer.
If you have another TOTP registration interface, you have to populate session (using exported variables) to set these keys:
Name | Value |
---|---|
_totp2fSecret | key handle value, base32 encoded |
_u2fUserKey | user key value, base64 encoded |