42 lines
1.4 KiB
Markdown
42 lines
1.4 KiB
Markdown
---
|
|
layout: default
|
|
title: Time-based One-Time Password
|
|
nav_order: 1
|
|
parent: Second Factor
|
|
grand_parent: Features
|
|
---
|
|
|
|
# Time-based One-Time Password
|
|
|
|
**Authelia** supports Time-base one-time password generated by apps like [Google Authenticator].
|
|
|
|
<p align="center">
|
|
<img src="../../images/2FA-TOTP.png" width="300">
|
|
<img src="../../images/google-authenticator.png" width="150" class="no-border" style="margin-left: 50px">
|
|
</p>
|
|
|
|
|
|
After having successfully completed the first factor, select **One-Time Password method**
|
|
option and click on **Not registered yet?** link. This will e-mail you to confirm your identity.
|
|
|
|
*NOTE: If you're testing **Authelia**, this e-mail has likely been sent to the mailbox available at https://mail.example.com:8080/*
|
|
|
|
Once this validation step is completed, a QR Code gets displayed.
|
|
|
|
<p align="center">
|
|
<img src="../../images/REGISTER-TOTP.png" width="400">
|
|
</p>
|
|
|
|
You can then use [Google Authenticator] to scan the code in order to register your device.
|
|
|
|
From now on, you get tokens generated every 30 seconds that
|
|
you can use to validate the second factor in **Authelia**.
|
|
|
|
|
|
## Limitations
|
|
|
|
Users currently can only enroll a single TOTP device in **Authelia**.
|
|
Multiple single type device enrollment will be available when [this issue](https://github.com/authelia/authelia/issues/275) has been resolved.
|
|
|
|
[Google Authenticator]: https://google-authenticator.com/
|