Table of Contents |
---|
Introduction
...
- Add Title e.g: Acme Authenticator
- Add name e.g: acme.totp.1
- Choose Method Type: SPI TOTP
In the Directory selection choose the Directory Service where user accounts are stored. TOTP method supports all directory types including SQL directories.
...
Then, select the tab "SPI TOTP" to configure the TOTP specific settings.
Management API
The same configuration as above can be created using the Management API. You need to do two separate calls to configure the method and link it to a directory.
/sso-api/method/acme.totp.1
Method | Description | Example payload |
---|---|---|
PUT | Create or update TOTP method. If configuration values are left out the defaults from below will be used. | methodType=SPI TOTP |
/sso-api/directory/Ubilogin%20Directory/$link/method/acme.totp.1
Method | Description | Example payload |
---|---|---|
PUT | Link a directory to the authentication method | No actual payload as the parameters Ubilogin Directory and acme.totp.1 are URL encoded in path variables. |
Configuration explanations
...
Number time steps in the past with valid codes. Can be a number between 0 and 9. Default is 1.
API key: totpWindowBefore
TOTP Future Window
Number time steps in the future with valid codes. Can be a number between 0 and 9. Default is 0.
API key: totpWindowAfter
TOTP Key Generation Configuration
...
The length of TOTP codes in digits. Can be a number between 4 and 8. Default is 6.
API key: totpDigits
TOTP Algorithm
The algorithm in which the TOTP algorithm is based on. Can be either HmacSHA1, HmacSHA256 or HmacSHA512. Default is HmacSHA1.
API key: totpAlgorithm
T0
The Unix time in milliseconds to start counting time steps. Default is 0.
API key: totpT0
Time Step
The duration of one time step in milliseconds. Default is 30000.
API key: totpTimeStep
Key Size
The length of generated keys in bytes. Can be a number between 10 and 99. Default is 20.
API key: totpKeySize
After Configuring the TOTP Method
...
The TOTP specific user information is stored in the built-in Ubisecure Directory regardless of the directory. However TOTP secrets can be managed from Management UI for Ubilogin Directory users only.
Info |
---|
For other directories like SQL directory or external LDAP directory you need to use the TOTP API for managing the secrets. When using Active Directory, you must ensure that the |
In order to activate TOTP authentication method for an Ubilogin Directory user, you must first:
...
After that you can open the TOTP authentication method configuration window for the User, which is shown below.
Manage TOTP authentication method for a Ubilogin Directory user |
In TOTP authentication method configuration window for the User you can either:
...