mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
44 lines
1.9 KiB
Markdown
44 lines
1.9 KiB
Markdown
|
---
|
||
|
title: "One Time Password"
|
||
|
description: "Authelia utilizes one time passwords as one of it's second factor authentication methods."
|
||
|
lead: "Authelia utilizes one time passwords as one of it's second factor authentication methods."
|
||
|
date: 2022-03-20T12:52:27+11:00
|
||
|
draft: false
|
||
|
images: []
|
||
|
menu:
|
||
|
overview:
|
||
|
parent: "authentication"
|
||
|
weight: 230
|
||
|
toc: true
|
||
|
aliases:
|
||
|
- /docs/features/2fa/one-time-password.html
|
||
|
---
|
||
|
|
||
|
__Authelia__ supports time-based one-time password generated by apps like [Google Authenticator].
|
||
|
|
||
|
{{< figure src="2FA-TOTP.png" caption="An example of the time-based one time password authentication view" alt="Second Factor OTP Authentication View" width=300 >}}
|
||
|
|
||
|
After having successfully completed the first factor, select __One-Time Password method__
|
||
|
option and click on __Register device__ link. This will e-mail you to confirm your identity.
|
||
|
|
||
|
*NOTE: If you're testing __Authelia__, this e-mail has likely been sent to the mailbox available at https://mail.example.com:8080/*
|
||
|
|
||
|
Once this validation step is completed, a QR Code gets displayed.
|
||
|
|
||
|
{{< figure src="REGISTER-TOTP.png" caption="An example of the time-based one time password registration view" alt="Second Factor OTP Registration View" width=400 >}}
|
||
|
|
||
|
You can then use [Google Authenticator] or an authenticator of your choice to scan the code in order to register your device.
|
||
|
|
||
|
{{< figure src="google-authenticator.png" caption="The Google Authenticator application" alt="Second Factor OTP Registration View" width=150 >}}
|
||
|
|
||
|
From now on, you get tokens generated every 30 seconds that
|
||
|
you can use to validate the second factor in __Authelia__.
|
||
|
|
||
|
## Limitations
|
||
|
|
||
|
Users currently can only enroll a single TOTP device in __Authelia__. This is standard practice, as a user can obviously
|
||
|
register a second device with the same QR Code. As there is no tangible benefit and it is harder to keep track of
|
||
|
multiple devices it's not a feature we will implement.
|
||
|
|
||
|
[Google Authenticator]: https://google-authenticator.com/
|