authelia/docs/content/en/overview/authentication/one-time-password/index.md


---
title: "One Time Password"
description: "Authelia utilizes one time passwords as one of its second factor authentication methods."
lead: "Authelia utilizes one time passwords as one of its second factor authentication methods."
date: 2022-06-15T17:51:47+10:00
draft: false
images: []
menu:
  overview:
    parent: "authentication"
weight: 230
toc: true
aliases:
  - /docs/features/2fa/one-time-password.html
---

Authelia supports time-based one-time passwords (TOTP) generated by apps like Google Authenticator.

{{< figure src="2FA-TOTP.png" caption="An example of the time-based one time password authentication view" alt="Second Factor OTP Authentication View" width=300 >}}

After successfully completing the first factor, select the One-Time Password method option and click the Register device link. Authelia then sends you an e-mail so that you can confirm your identity.

NOTE: If you're testing Authelia, this e-mail has likely been sent to the mailbox available at https://mail.example.com:8080/

Once this validation step is completed, a QR Code gets displayed.

{{< figure src="REGISTER-TOTP.png" caption="An example of the time-based one time password registration view" alt="Second Factor OTP Registration View" width=400 >}}

You can then use Google Authenticator or an authenticator of your choice to scan the code in order to register your device.

{{< figure src="google-authenticator.png" caption="The Google Authenticator application" alt="Second Factor OTP Registration View" width=150 >}}

From now on, you get tokens generated every 30 seconds that you can use to validate the second factor in Authelia.

Limitations

Users currently can only enroll a single TOTP device in Authelia. This is standard practice, as a user can obviously register a second device with the same QR Code. As there is no tangible benefit and it is harder to keep track of multiple devices, it's not a feature we will implement.