wiki:net.sf.basedb.otp/using

Version 2 (modified by nicklas, 5 weeks ago) (diff)

Update and clarified user instructions

How to use the OTP login extension

Configuring OTP login for a user

Note that the OTP setup must be done by the end user. This can't be done by the server administrator.

A smartphone or similar device that has the capability to read a QR code is needed. The device must also be able to run some an app for generating one-time passwords. For example, the FreeOTP app is available for both Anroid and iOS, but any app that is compatible with the Google authenticator implementation should work.

  1. Go the login page of the BASE installation.
  2. Click on the link for setting up OTP. A popup dialog window should be opened.
  3. Fill in the username in the Login field and the password in the Password field.
  4. A QR code should automatically be generated. Use the OTP app on the device to scan the QR code. It should automatically configure an entry with the settings that are needed.
  5. In the setup dialog, there is also a possibility to change the password. This is optional.
  6. Let the OTP app generate a one-time passcode. Enter it in the One-time passcode field.
  7. Click on Save.

Notes

  • If something goes wrong and you have to start over you should delete the entry in your OTP app before restarting the setup.
  • Once the OTP setup has been completed it can't be removed except by a server administrator.

Logging in

Once a user has configured OTP, that user must always login with OTP.

  1. Type in the regular username in the Login field.
  2. Use the configured device (eg. smartphone) to generate the one-time passcode. It should be 6 digits.
  3. Type the number into the One-time passcode field and click Login.
  4. Note the regular password is not needed.

Notes

  • The server admin may decide if OTP should be optional or required. If it is optional the One-time passcode field is named OTP or password instead.

Remove OTP from a user account

This can only be done by a server administrator.

  1. Go to the Administrate->Users list, locate the user and and open the edit dialog.
  2. Switch to the Additional info tab, and clear the OTP Key field.
  3. Save.

Force OTP to be used

This can be done for all users by editing the base-otp.properties file and setting the require-otp setting. See the installation instructions for more information.

This can also be done per user account:

  1. Go to the Administrate->Users list, locate the user and and open the edit dialog.
  2. Switch to the Additional info tab, and enabled the OTP is required option.
  3. Save.