Adding and configuring TOTP as an authentication method

This section explains how to add and configure TOTP as an authentication method.

  1. Go to Configuration > Users > Authentication, Available methods tab.

  2. Click on Add a method or Enable a method (according to the version installed on the SNS firewall) and click on One-time password (TOTP).

  3. Under Time-based one-time password (TOTP), select the authentications for which you want to increase security with TOTP.

  4. In TOTP code settings, enter the name of the TOTP issuer.

  5. In Customize the TOTP user enrollment message, change the message that appears on the TOTP enrollment page. Add all the information that will be useful for your users (recommended Authenticator, installation instructions, etc.).

  6. In Advanced properties, you can customize TOTP settings. The default settings are compatible with most authenticators. However, changing these settings may make them incompatible with some authenticators such as Google Authenticator and Microsoft Authenticator, which support only a limited number of settings.

    • Lifetime (s): validity period of a TOTP. The Authenticator automatically generates a new TOTP when this period expires.

    • Code size: length (number of characters) of the generated TOTPs.

    • Number of valid codes before and after current code: number of TOTP periods, before and after the current one, during which a generated code is still accepted even though its lifetime has expired. This option extends the time allowed to enter the TOTP, which is particularly useful if the clocks of the SNS firewall and of the device on which the Authenticator is installed are slightly desynchronized. For example, a value of "3" means that a generated TOTP is accepted during the validity period of 3 TOTPs in the past or future: if a TOTP is valid for 30 seconds, it is therefore accepted from 1m30 before the code is generated until 1m30 after it expires.

    • Hash algorithm: algorithm used when generating TOTPs.

  7. Click on Apply.

If you later change the Lifetime (s), Code size or Hash algorithm settings, you must reset the TOTP database, and users who were already enrolled must complete the enrollment procedure again.
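The four Advanced properties above map directly onto the TOTP algorithm (RFC 6238). The following example is added for this page and is not Stormshield code: it generates and verifies codes from those parameters and shows how the "Number of valid codes before and after current code" window widens the acceptance interval; the secret is a constructed demo value.

```python
import hashlib
import hmac
import struct

# Constructed demo secret (the RFC 6238 test-vector seed), not a real enrollment secret.
SECRET = b"12345678901234567890"

# "Hash algorithm" setting: the HMAC hash used when generating the code.
HASH_ALGORITHMS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def hotp(secret, counter, digits=6, algorithm="SHA1"):
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), HASH_ALGORITHMS[algorithm]).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)  # "Code size" = digits


def totp(secret, at, lifetime=30, digits=6, algorithm="SHA1"):
    """RFC 6238 TOTP: the counter is the number of whole "Lifetime (s)" periods since the Unix epoch."""
    return hotp(secret, int(at) // lifetime, digits, algorithm)


def verify_totp(secret, code, at, lifetime=30, digits=6, algorithm="SHA1", window=0):
    """Accept `code` at Unix time `at` if it matches the current period or any of the
    `window` periods before or after it ("Number of valid codes before and after current code").
    With lifetime=30 and window=3 a code is accepted 90 s before it is generated and 90 s after it expires."""
    if len(code) != digits or not code.isdigit():
        return False
    step = int(at) // lifetime
    accepted = False
    for delta in range(-window, window + 1):
        # Compare every candidate in constant time and do not stop at the first match.
        if hmac.compare_digest(hotp(secret, step + delta, digits, algorithm), code):
            accepted = True
    return accepted
```

Changing lifetime, digits or algorithm changes every code derived from the same secret, which is why the enrolled devices must be re-enrolled after such a change.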

Configuration of the TOTP authentication method