One Time Passcode Configuration

From iDENprotect Knowledge Base

If you have not made any configuration changes yet, please see How to make configuration changes

Introduction

A One Time Passcode is sometimes called a One Time Password, or OTP for short.

OTP can be used as an additional step in the enrollment process. You can require that a User also enter a special One Time Passcode to complete the process by navigating to User Enrollment Policies and setting Activation Required? to true. This code will be emailed to the user during the enrollment process.

OTP can also be used as an authentication method. More details here: One Time Passcode

Configuring One Time Passcodes

This configuration can be found in:

  • One Time Passcode Configuration section in the idenprotect Core Platform Admin Console CONFIG Tab
  • Server file system in /etc/idenprotect/otp.properties

Parameters for One Time Passcode

| Parameter in Config Tab | Parameter in Properties File | Description |
|---|---|---|
| Time Step in Seconds | totp.time.step.interval.in.seconds | How long a passcode is valid for |
| Time Step Window | totp.time.step.window | Allowed time slip between client and server |
| Time based passcode length | truncate.totp.to.number.of.digits | How many digits the passcode should be |
| Mac Algorithm | otp.mac.algorithm | The algorithm for passcode generation (defaulted to HmacSHA1) |
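
How the four settings above interact in a standard RFC 6238 (TOTP) check, as an added Python example that is not idenprotect code. It assumes the parameters carry their RFC 6238 meanings and that the window counts accepted time steps on either side of the current one; the property values are constructed and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

# Constructed sample in the key=value format of otp.properties (values are illustrative)
SAMPLE_PROPERTIES = """\
totp.time.step.interval.in.seconds=30
totp.time.step.window=1
truncate.totp.to.number.of.digits=8
otp.mac.algorithm=HmacSHA1
"""

# JCA MAC names mapped to hashlib digests; only HmacSHA1 is named on the page, the rest are assumed
MAC_DIGESTS = {"HmacSHA1": hashlib.sha1, "HmacSHA256": hashlib.sha256, "HmacSHA512": hashlib.sha512}

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def totp(secret, unix_time, props):
    """RFC 6238 passcode for the time step that contains unix_time."""
    step = int(props["totp.time.step.interval.in.seconds"])
    digits = int(props["truncate.totp.to.number.of.digits"])
    digest = MAC_DIGESTS[props["otp.mac.algorithm"]]
    counter = struct.pack(">Q", unix_time // step)  # 8-byte big-endian step counter
    mac = hmac.new(secret, counter, digest).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret, code, unix_time, props):
    """Accept a code matching any step within +/- window of the server's current step."""
    step = int(props["totp.time.step.interval.in.seconds"])
    window = int(props["totp.time.step.window"])
    matched = False
    for drift in range(-window, window + 1):
        t = unix_time + drift * step
        if t >= 0:  # skip steps before the epoch
            matched |= hmac.compare_digest(totp(secret, t, props), code)
    return matched
```

Under that assumption the server accepts any given passcode across (2 × window + 1) time steps, which is 90 seconds of server time with a step of 30 and a window of 1.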