Time-based One-Time Password (TOTP) is an algorithm that computes a one-time password from a shared secret key and the current time. This is what Google Authenticator and FreeOTP currently use.
LLNG can let users register this kind of software to raise their authentication level.
In the manager (advanced parameters), you just have to enable it:
$_2fDevices =~ /"type":\s*"TOTP"/s
is set, else TOTP will be required even if users are not registered. This is automatically done when “activation” is simply set to “on”.
If you've enabled self-registration, users can register their keys at https://portal/2fregisters
If a user loses their key, you can remove it from the manager's Second Factor module.
To enable the manager Second Factor Administration Module, set the enabledModules key in your lemonldap-ng.ini file:
[portal]
enabledModules = conf, sessions, notifications, 2ndFA
If you have another TOTP registration interface, you have to set these keys in the Second Factor Devices array (JSON) in your user database, then map it to the _2fDevices attribute (see exported variables):
[{"name": "MyTOTP", "type": "TOTP", "_secret": "########", "epoch": "1524078936"}, ...]
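
As an added example (not LLNG code), here is what an external registration interface could produce for the Second Factor Devices array, together with a check that the stored JSON satisfies the activation rule shown above. Assumptions: `_secret` holds the base32 text of the key, codes use the RFC 6238 defaults (HMAC-SHA-1, 30-second step, 6 digits), and all function names are hypothetical.

```python
import base64, hashlib, hmac, json, re, secrets, struct, time

# Same pattern as the activation rule on this page. It is a text match on the
# stored JSON, so '"type" : "TOTP"' (space before the colon) would NOT match.
TOTP_RULE = re.compile(r'"type":\s*"TOTP"', re.S)

def new_totp_device(name, raw_key=None, now=None):
    """One entry for the Second Factor Devices array.
    Assumption: _secret is the base32 text of a random 160-bit key."""
    raw_key = raw_key if raw_key is not None else secrets.token_bytes(20)
    now = time.time() if now is None else now
    return {"name": name, "type": "TOTP",
            "_secret": base64.b32encode(raw_key).decode("ascii"),
            "epoch": str(int(now))}

def serialize_devices(devices):
    """JSON text to store in the user database and map to _2fDevices."""
    return json.dumps(devices)

def has_totp(devices_json):
    """True when the activation rule would see a registered TOTP device."""
    return bool(TOTP_RULE.search(devices_json))

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 code with HMAC-SHA-1; step and digits are assumed defaults."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(device, code, at, window=1):
    """Accept codes within +/- window steps, comparing in constant time."""
    return any(hmac.compare_digest(totp(device["_secret"], at + 30 * d), code)
               for d in range(-window, window + 1))

if __name__ == "__main__":
    dev = new_totp_device("MyTOTP")  # constructed sample entry
    stored = serialize_devices([dev])
    now = time.time()
    print(stored, has_totp(stored), verify(dev, totp(dev["_secret"], now), now))
```

Because the rule matches the raw JSON text, check the exact serialization your interface writes, not just the parsed structure.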