= How to use the OTP login extension = == Configuring OTP login for a user == '''Note that the OTP setup must be done by the end user. This can't be done by the server administrator.''' A smartphone or similar device that has the capability to read a QR code is needed. The device must also be able to run some an app for generating one-time passwords. For example, the [https://freeotp.github.io/ FreeOTP] app is available for both Android and iOS, but any app that is compatible with the [https://en.wikipedia.org/wiki/Google_Authenticator Google authenticator] implementation should work. 1. Go the login page of the BASE installation. 2. Click on the link for setting up OTP. A popup dialog window should be opened. 3. Fill in the username in the '''Login''' field and the password in the '''Password''' field. 4. A QR code should automatically be generated. Use the OTP app on the device to scan the QR code. It should automatically configure an entry with the settings that are needed. 5. In the setup dialog, there is also a possibility to change the password. This is optional. 6. Let the OTP app generate a one-time passcode. Enter it in the '''One-time passcode''' field. 7. Click on '''Save'''. '''Notes''' * If something goes wrong and you have to start over you should delete the entry in your OTP app before restarting the setup. * Once the OTP setup has been completed it can't be removed except by a server administrator. == Logging in == Once a user has configured OTP, that user must always login with OTP. 1. Type in the regular username in the '''Login''' field. 2. Type in the regular password in the '''Password''' field. Note that the server admin may have configured the server to not require a password. In this case there is no password field. 3. Use the configured device (eg. smartphone) to generate the one-time passcode. It should be 6 digits. 4. Type the number into the '''One-time passcode''' field and click '''Login'''. 5. Note the regular password is not needed. '''Notes''' * The server admin may decide if OTP should be optional or required. If it is optional the '''One-time passcode''' field is named '''OTP or password''' instead. * If the device that is used to generate OTP codes is lost or stops working, it will not be possible to login. Please contact a server administrator for resetting the OTP configuration. == Remove OTP from a user account == This can only be done by a server administrator. 1. Go to the '''Administrate->Users''' list, locate the user and and open the edit dialog. 2. Switch to the '''OTP''' tab, and click on the '''Reset''' button. 3. If the '''Require OTP''' option is enabled the user must re-configure OTP before logging in the next time. 3. Save. == Force OTP to be used == This can be done for all users by editing the `base-otp.properties` file and setting the `require-otp` setting. See the [wiki:install installation instructions] for more information. This can also be done per user account: 1. Go to the '''Administrate->Users''' list, locate the user and and open the edit dialog. 2. Switch to the '''OTP''' tab, and enabled the '''Require OTP''' option. 3. Save. '''Notes''' * If OTP has already been configured for a user, the user must use OTP so the '''Require OTP''' setting is not visible or needed in this case.