authelia/docs/content/en/overview/authentication/one-time-password/index.md

1.9 KiB

title description lead date draft images menu weight toc aliases
One Time Password Authelia utilizes one time passwords as one of it's second factor authentication methods. Authelia utilizes one time passwords as one of it's second factor authentication methods. 2022-03-20T12:52:27+11:00 false
overview
parent
authentication
230 true
/docs/features/2fa/one-time-password.html

Authelia supports time-based one-time password generated by apps like Google Authenticator.

{{< figure src="2FA-TOTP.png" caption="An example of the time-based one time password authentication view" alt="Second Factor OTP Authentication View" width=300 >}}

After having successfully completed the first factor, select One-Time Password method option and click on Register device link. This will e-mail you to confirm your identity.

NOTE: If you're testing Authelia, this e-mail has likely been sent to the mailbox available at https://mail.example.com:8080/

Once this validation step is completed, a QR Code gets displayed.

{{< figure src="REGISTER-TOTP.png" caption="An example of the time-based one time password registration view" alt="Second Factor OTP Registration View" width=400 >}}

You can then use Google Authenticator or an authenticator of your choice to scan the code in order to register your device.

{{< figure src="google-authenticator.png" caption="The Google Authenticator application" alt="Second Factor OTP Registration View" width=150 >}}

From now on, you get tokens generated every 30 seconds that you can use to validate the second factor in Authelia.

Limitations

Users currently can only enroll a single TOTP device in Authelia. This is standard practice, as a user can obviously register a second device with the same QR Code. As there is no tangible benefit and it is harder to keep track of multiple devices it's not a feature we will implement.