One-time Password

The OTP authentication connection can only be used as a second factor, together with another authentication connection type. The configuration settings offered for OTP are:

  • Order of factors: supported values are "Authenticator", "Sms", "Email" and "OS2faktor". Specifies which factor the system prefers when sending the user the password. When an error occurs, for example when the email address or mobile phone number is not found, the system falls back to the next factor.
  • One Time Password length: Length in digits of the password that is sent to the user by email or SMS. It is not used for "Authenticator" OTP.
  • One Time Password lifetime: The time in seconds that a sent password can be used before it expires. It is not used for "Authenticator" OTP.
  • Max input attempts: The maximum number of times that a user can try to enter the password on the authentication page before the authentication is set as failed.
  • SMS claim type: The claim type that a user’s mobile number will be extracted from. The system first checks whether the user has a value for this claim in the local storage. If not, it takes the value from the incoming token’s external claim, if a value exists there. It is not used for "Authenticator" OTP.
  • Email claim type: The claim type that a user’s email will be extracted from. The system first checks whether the user has a value for this claim in the local storage. If not, it takes the value from the incoming token’s external claim, if a value exists there. It is not used for "Authenticator" OTP.
  • Additional connection settings: the default key-value pairs {connector, otpapps} specify the connector type, which is required for Safewhere Admin. Do not modify the default required keys.
  • Encrypt secret code: whether the secret code stored in the database (which is used for communication between Identify and the time-based one-time password provider, e.g. Google Authenticator, Microsoft Authenticator) is encrypted. It is only used for "Authenticator" OTP.
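
The "Sms"/"Email" behaviour described in the list above (factor order with fallback, claim lookup, password length, lifetime and max input attempts), modelled as an added Python example that is not Safewhere Identify code. The setting names, claim type values and sample addresses are assumptions, and the "Authenticator" and "OS2faktor" factors are left out.

```python
import hmac, secrets, time

# Hypothetical settings mirroring the options above (key names are assumptions).
SETTINGS = {"order": ["Sms", "Email"], "otp_length": 6, "lifetime_s": 300,
            "max_attempts": 3, "sms_claim": "mobile", "email_claim": "email"}

def resolve_claim(claim_type, local_claims, token_claims):
    """Local storage first, then the incoming token's external claim."""
    return local_claims.get(claim_type) or token_claims.get(claim_type)

def pick_factor(settings, local_claims, token_claims):
    """Walk the configured order; fall back when no destination is found."""
    claim_for = {"Sms": settings["sms_claim"], "Email": settings["email_claim"]}
    for factor in settings["order"]:
        if factor not in claim_for:
            continue  # Authenticator / OS2faktor are out of scope in this sketch
        dest = resolve_claim(claim_for[factor], local_claims, token_claims)
        if dest:
            return factor, dest
    return None, None

class OtpChallenge:
    def __init__(self, settings, now=None):
        n = settings["otp_length"]
        # CSPRNG output, zero-padded so the code always has exactly n digits
        self.code = f"{secrets.randbelow(10 ** n):0{n}d}"
        start = now if now is not None else time.time()
        self.expires = start + settings["lifetime_s"]
        self.attempts_left = settings["max_attempts"]
        self.closed = False  # True once expired, locked out or used

    def verify(self, submitted, now=None):
        now = now if now is not None else time.time()
        if self.closed or now > self.expires:
            self.closed = True
            return False
        # Constant-time comparison avoids leaking matching digits via timing
        if hmac.compare_digest(submitted.encode(), self.code.encode()):
            self.closed = True  # assumption: a code is accepted only once
            return True
        self.attempts_left -= 1
        if self.attempts_left <= 0:
            self.closed = True  # max input attempts reached: authentication fails
        return False
```

Passing `now` explicitly makes the lifetime and lockout paths deterministic when testing; in normal use it defaults to the current time.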