Two-Factor Authentication via TOTP Token

Prerequisite: Installation of Authenticator App on your Mobile Device

The TOTP token requires an authenticator app installed on your mobile device (e.g. smartphone, tablet).

Numerous authenticator apps and OTP clients are available for Linux/Windows/macOS/iOS, and you can use the app of your choice. As the SIM-MFA web portal is also provided by privacyIDEA, we recommend using the latest version of the privacyIDEA Authenticator. Please be aware that we do not provide support for app-specific problems of other apps!

Click here to install the privacyIDEA Authenticator app

Instructions to Roll Out the TOTP Token

Please note!

In the following, we describe the rollout procedure using the privacyIDEA app!


  1. Open menu entry "Enroll Token" of the SIM-MFA web portal (Fig. 1).

  2. Select token type "TOTP: Time based One Time Password." ("TOTP: Zeitbasiertes Einmalpasswort.") from the drop-down menu in the SIM-MFA web portal (Fig. 1).

  3. TOTP settings

    • "Generate OTP Key on the Server": The check mark is set by default. No need to change that.
    • "Use two-step enrollment with the privacyIDEA Authenticator App": The check mark is not set by default. No need to change that.
    • "OTP length": The authenticator app will generate one-time passwords of this length.
      • default: 6
      • recommendation: 8
    • "Timestep": The period for which a generated OTP is valid.
      • default and recommendation: 30 seconds
    • "Hash algorithm":
      • default and recommendation: sha1
    • "Description": optional (may be useful to identify a token in the list of tokens, see menu entry "All Tokens")
  4. Roll out the new token via button "Enroll Token" ("Token ausrollen") (Fig. 1).

  5. The SIM-MFA portal has successfully rolled out the token, shows its serial number TOTP######## and has created the QR code containing a secret key (Fig. 2).

  6. Open the privacyIDEA Authenticator app on your mobile device.

  7. Tap the big blue icon ("+" icon in older versions) to add a new token. The app activates the camera.

  8. Scan the QR code of the new token. Please do not scan the QR codes from Fig. 1!

  9. The app will save the token on the mobile device. The token will be available immediately!

Done!

Now, the app continuously generates new OTPs.
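To show what the settings chosen in step 3 (OTP length, timestep, hash algorithm) and the secret key carried by the QR code actually do, here is an added example that is not part of this documentation and not privacyIDEA's code: a minimal RFC 6238 TOTP implementation with the otpauth URI decoding an authenticator app performs when it scans the QR code, and the windowed verification a server performs. The secret is the RFC 6238 reference secret, and the label and serial in the URI are constructed placeholders, not the portal's actual format.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, urlparse

def hotp(secret: bytes, counter: int, digits: int = 6, algorithm: str = "sha1") -> str:
    """RFC 4226: HMAC over the 8-byte big-endian counter, dynamic truncation, then modulo 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), getattr(hashlib, algorithm)).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, digits: int = 6, timestep: int = 30, algorithm: str = "sha1") -> str:
    """RFC 6238: the HOTP counter is the number of whole timesteps since the Unix epoch."""
    return hotp(secret, unix_time // timestep, digits, algorithm)

def parse_otpauth(uri: str) -> dict:
    """Decode the otpauth://totp/... URI an enrolment QR code carries (label, secret, digits, period, algorithm)."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    query = parse_qs(parsed.query)
    b32 = query["secret"][0]
    b32 += "=" * (-len(b32) % 8)  # QR payloads often omit base32 padding; restore it before decoding
    return {
        "label": parsed.path.lstrip("/"),
        "secret": base64.b32decode(b32, casefold=True),
        "digits": int(query.get("digits", ["6"])[0]),
        "period": int(query.get("period", ["30"])[0]),
        "algorithm": query.get("algorithm", ["SHA1"])[0].lower(),
    }

def verify(secret: bytes, code: str, unix_time: int, digits: int = 6, timestep: int = 30,
           algorithm: str = "sha1", window: int = 1) -> bool:
    """Server-side check: accept the current step plus `window` steps either side (clock skew), compared in constant time."""
    step = unix_time // timestep
    return any(hmac.compare_digest(hotp(secret, step + d, digits, algorithm), code)
               for d in range(-window, window + 1))

# Constructed enrolment URI (label and serial are placeholders): RFC 6238 reference secret in base32, 8 digits, 30 s, SHA1.
EXAMPLE_URI = ("otpauth://totp/SIM-MFA:TOTP00000000"
               "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&digits=8&period=30&algorithm=SHA1")

if __name__ == "__main__":
    token = parse_otpauth(EXAMPLE_URI)
    now = int(time.time())
    code = totp(token["secret"], now, token["digits"], token["period"], token["algorithm"])
    print(f'{token["label"]}: {code} (valid for {token["period"] - now % token["period"]} s)')
```

Because the secret in the URI is all that is needed to compute every future code, anyone who obtains a copy of the QR code holds a working clone of the token; that is why the note below says to use each QR code only once and never store it.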

Figure 1: Steps 1 - 4 of the TOTP token rollout

Figure 2: TOTP token rollout successful and the corresponding QR code

NOTE

Use QR codes only once! If the procedure fails or you lose the QR code, generate a new one. Never save the code on your local computer or the HPC system.

Manage Tokens

Two-Factor Authentication: Token Management in SIM-MFA web portal