TOTP Configuration
Time-based one-time password (TOTP) is an algorithm that generates a one-time password (OTP) using the current time as its source of uniqueness. TOTP is a popular MFA choice that relies on a phone application such as Google Authenticator or Microsoft Authenticator. 12Port uses a configured TOTP integration as the second authentication factor: users logging in to the software confirm their identity with a TOTP-capable app on their mobile device.
The software supports multiple MFA providers assigned to different users and groups for the purpose of system authentication as well as a default MFA provider.
Note
12Port comes with a default TOTP provider that is enabled and can be used without modification. Use the Management > MFA Rules page to apply this default TOTP provider to users or groups.
Create a new TOTP Provider
If you wish to create your own provider, use the following procedure:
- Log in using an Administrator or Configuration Manager account.
- Navigate to Configuration > TOTP and click the Add button.
- Click on the parameter name for details about each, or follow the guidance provided here:
- Name: Enter a unique, but recognizable name for this TOTP configuration.
- Algorithm: This parameter defines the hashing algorithm used by the TOTP code generator. The recommended value is SHA512. However, as of the summer of 2024, while some applications (such as the Google Authenticator app) support SHA512, many mobile and desktop TOTP applications support only SHA1. Test all client-side TOTP applications for compatibility with the selected hashing algorithm.
- Label: This parameter overrides the default label, which is based on the tenant name, shown for the TOTP code generator in mobile or desktop authentication applications. For example, if your Tenant Name is Production, the default label in the TOTP code generator may display 12Port (Production).
- Enabled: Enable this integration.
Click the Save button to complete this configuration.
How TOTP Works
After this TOTP configuration has been assigned to users or groups, or set as the default MFA provider, each affected user must use their 12Port-registered mobile device as the second factor for authentication.
Here is how the login process occurs from the user's perspective:
- The user opens the tenant's login page in their browser, enters their credentials, and clicks the Login button to advance.
- They are automatically directed to a TOTP Enrollment page. On this page, the user must perform a one-time enrollment of 12Port in a TOTP authenticator app on their mobile device, either by scanning the QR code or by manually entering the Account and Secret values into the app. Click the Enroll button once the authenticator app is successfully enrolled.
- After device enrollment, the user is directed to the TOTP Code page. On this page, enter the TOTP code from the authenticator app into the Code field and click the Login button to authenticate.
Note
To reset a user's existing TOTP registration, an Administrator can open the Reports > Users report, locate the user, and from the Actions menu select the option Reset TOTP. Afterwards, this user's next login will require them to register their device again.