How to enable HOTP/TOTP-based multi-factor authentication

TAC supports One-Time Password (OTP) as Two-Factor Authentication (2FA). Enabling TOTP- or HOTP-based authentication lets end users generate a 6-digit passcode with a multi-factor authenticator application on their mobile device in order to access a TAC Site or application.

Setting up a multi-factor authentication repository in TAC.

  1. Open the TAC Configuration console and select Authentication and Authorization Servers from the Configuration menu.
  2. Click Add.
  3. In the Configure Authentication\Authorization servers window:
    1. In the Type field, select "One-Time password (HOTP/TOTP) based".
    2. Enter a name for the repository.
    3. Enter the OTP valid period in seconds. The default is 30 seconds.
    4. Enter a Display name for the authenticator. This name will be shown as the provider name in the authenticator app.
    5. Select Hash login if you need to mask the user name in the Authenticator application.
    6. Click Verify, then click OK.

Adding the Multi-Factor Authentication (MFA) repository to a Site.

  1. Select the site where you need to enable 2FA.
  2. Go to Site Configuration, then the authentication tab.
  3. Click Add, select the MFA authenticator repository from the list, and click Select. Then click OK.
  4. Apply the Configuration.

End user setup when they access the portal for the first time.

NOTE: For this method to work the end user must have the MFA app installed and active on their mobile device.

  1. On the client, browse to the Site. The user will be prompted to enter their AD credentials (if AD is added as a repository).
  2. The user will then be prompted to configure the MFA setup.
  3. Open the authenticator app on the mobile device and scan the QR code, or enter the provider key given in the TAC MFA setup page.
  4. After the provider key is entered or the QR code is scanned, the authenticator app will generate a 6-digit code.
  5. Enter the code into the TAC site.
  6. Click Submit.

If an end user's OTP settings need to be reset, do the following:

  1. Open the TAC Configuration console.
  2. Go to Users and Device Management.
  3. Go to the OTP tab.
  4. Select the user from the list and click Reset.

This will reset the end user's MFA setup, and they will be prompted to set it up again during their next access.