OTP Server configuration - SSO

Enabling the method

The OTP Server API is installed by default and visible in the Ubisecure Management console.

Home → System → OTP Server


The first configuration step is to specify which OTP methods the OTP Server can have access to.

First add the method to the site by navigating to System → OTP Server → Site Methods → Add Method… and select the desired OTP method.

Next enable the method for the application by navigating to System → OTP Server → Applications → OTP Server → Allowed Methods and enabling the method.

Confirm the changes by clicking "Update".

Enabling the OTP Method

Access control to API

HTTP Basic Authentication is used to identify and authorize users for access to the API. The users and corresponding credentials that have the authority to make OTP Server REST calls are configured within the Ubisecure SSO Management console. The authorized user must be in the "OTP Server Admins" group and the password.1 method must be enabled for the user. The credentials for the HTTP Basic authentication are the same as the password set for the password.1 method.

Members of the group "OTP Server Admins Group" have the authority to make OTP Server REST calls.

For instance, if the user "apiuser2" is a member of the "OTP Server Admins" group as shown above and the password for the user is "changeit", the corresponding credentials, that is, the username and password for the HTTP Basic Authentication, would be "OTP Server Admin" and "changeit".

apiuser2 belongs to the "OTP Server Admins" group and thus has the authority to make OTP Server REST calls.

OTP list configuration

OTP List settings are configured via the Ubisecure Management console: Home → Global Method Settings → Method Name

Multiple list types can be configured and used concurrently – for example, a four-digit OTP code could be used for login events and an eight-digit OTP code for transaction confirmation.


OTP Window Size (mandatory)
Specifies the number of one-time passwords the user may skip. The minimum value is 1, meaning that the user is not allowed to skip any OTP in the sequence. The maximum value is 10, meaning that the user may use any of the next 10 OTPs. The purpose of this feature is to enhance usability; if there is no explicit need for it, the recommended value is 1. Changes to this setting also affect existing OTP lists.

OTP Length in Digits (mandatory)
Specifies the number of digits in each one-time password. The minimum length is 4 and the maximum length is 8. Changes to this setting affect only the OTP lists generated after the change.

OTP List Length (mandatory)
Specifies the number of one-time passwords in each OTP list. The minimum value is 10 and the maximum value is 1000. Changes to this setting affect only the OTP lists generated after the change.
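
The Python sketch below is an added example, not Ubisecure code. It models how the window size changes which list OTPs a verifier accepts, and why a window of 1 gives the smallest chance of a blind guess succeeding. The names `generate_list`, `OtpList` and `blind_guess_bound` are hypothetical, and two behaviours are assumptions not stated on this page: codes are random digits, and skipped OTPs are consumed once a later one is accepted.

```python
import hmac
import secrets

WINDOW_MIN, WINDOW_MAX = 1, 10    # limits stated on this page
DIGITS_MIN, DIGITS_MAX = 4, 8
LIST_MIN, LIST_MAX = 10, 1000


def generate_list(digits, length):
    """Build a constructed OTP list of fixed-width numeric codes."""
    if not DIGITS_MIN <= digits <= DIGITS_MAX:
        raise ValueError("OTP length must be 4..8 digits")
    if not LIST_MIN <= length <= LIST_MAX:
        raise ValueError("OTP list length must be 10..1000")
    return [f"{secrets.randbelow(10 ** digits):0{digits}d}" for _ in range(length)]


class OtpList:
    def __init__(self, codes, window):
        if not WINDOW_MIN <= window <= WINDOW_MAX:
            raise ValueError("window size must be 1..10")
        self.codes, self.window, self.position = list(codes), window, 0

    def verify(self, candidate):
        """Accept candidate only if it is one of the next `window` unused codes."""
        upcoming = self.codes[self.position:self.position + self.window]
        hit = None
        for offset, code in enumerate(upcoming):
            # Constant-time compare; scan the whole window, keep the earliest hit.
            if hmac.compare_digest(code.encode(), candidate.encode()) and hit is None:
                hit = offset
        if hit is None:
            return False
        # Assumption: skipped codes are burned together with the accepted one.
        self.position += hit + 1
        return True


def blind_guess_bound(digits, window):
    """Upper bound on a single random guess being accepted: window / 10**digits."""
    return window / 10 ** digits
```

With four-digit codes, raising the window from 1 to 10 raises the bound for a single blind guess from 1 in 10,000 to 1 in 1,000, which is the cost side of the usability trade-off described for OTP Window Size.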