Example ScenarioĪ new user is setting up their 3rd party application or service 2FA security and wants to record their credentials in Passportal, including the TOTP for 2FA authentication. The Permission Password: TOTP Add/Remove is required in order to add or remove TOTP to a credentialĪdding TOTP to a Credential requires the alpha-numeric code presented to you when setting up 2FA for the application or service itself, and then verifying the 2FA setup using the TOTP code generated in Passportal. This means there are no code failure issues caused by devices set to an incorrect time, incorrect or different timezones, etc. In most cases, the application's 2FA verification process uses UTC time - we recommend to check with the supplier if you are unsure.Passportal utilizes Hashicorp TOTP Vault to generate codes - this means that the server time on the Passportal regional host server is not used in the generation of the TOTP.RFC6238 states that the code generator ( Passportal) and the verifier (the secured application) should both be working on UTC time: Time Differences between Passportal and the 2FA Secured Application If your session times out on the browser extension, you will not be able to re-authenticate and you will require assistance to get this reset, potentially causing a delay in access to your Passportal account. Make sure not to store your log-in credentials for Passportal in Passportal itself, especially if you have TOTP associated to that account. With the TOTP configured in the stored Credential in Passportal, all technicians with access to the Credential can use that TOTP to authenticate when accessing a clients devices or environment. Immediate benefit over a 3rd Party TOTP serviceīy configuring a Credential with a TOTP generated by Passportal, technicians and engineers no longer have to tie individual authentication accounts to their own authentication tools on their mobile devices. The generated unique codes are also time bound, and so will expire every 30 seconds.Īll TOTP seed codes are encrypted at rest and stored separately from the credentials they reference in their own database on separate infrastructure. Most popular 2FA apps, such as Google Authenticator, Microsoft Authenticator, Duo, Authy, etc., support TOTP. TOTP's are a common form of 2FA (Two-Factor Authentication), generated unique numeric codes by an algorithm that uses the current time as an input. Passportal Credentials can be configured to include a Time-based One-Time Password (TOTP).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |