Version 5 (modified by 6 years ago) ( diff ) | ,
---|
How to use the OTP login extension
Configuring OTP login for a user
Note that the OTP setup must be done by the end user. This can't be done by the server administrator.
A smartphone or similar device that has the capability to read a QR code is needed. The device must also be able to run some an app for generating one-time passwords. For example, the FreeOTP app is available for both Android and iOS, but any app that is compatible with the Google authenticator implementation should work.
- Go the login page of the BASE installation.
- Click on the link for setting up OTP. A popup dialog window should be opened.
- Fill in the username in the Login field and the password in the Password field.
- A QR code should automatically be generated. Use the OTP app on the device to scan the QR code. It should automatically configure an entry with the settings that are needed.
- In the setup dialog, there is also a possibility to change the password. This is optional.
- Let the OTP app generate a one-time passcode. Enter it in the One-time passcode field.
- Click on Save.
Notes
- If something goes wrong and you have to start over you should delete the entry in your OTP app before restarting the setup.
- Once the OTP setup has been completed it can't be removed except by a server administrator.
Logging in
Once a user has configured OTP, that user must always login with OTP.
- Type in the regular username in the Login field.
- Type in the regular password in the Password field. Note that the server admin may have configured the server to not require a password. In this case there is no password field.
- Use the configured device (eg. smartphone) to generate the one-time passcode. It should be 6 digits.
- Type the number into the One-time passcode field and click Login.
- Note the regular password is not needed.
Notes
- The server admin may decide if OTP should be optional or required. If it is optional the One-time passcode field is named OTP or password instead.
- If the device that is used to generate OTP codes is lost or stops working, it will not be possible to login. Please contact a server administrator for resetting the OTP configuration.
Remove OTP from a user account
This can only be done by a server administrator.
- Go to the Administrate->Users list, locate the user and and open the edit dialog.
- Switch to the OTP tab, and click on the Reset button.
- If the Require OTP option is enabled the user must re-configure OTP before logging in the next time.
- Save.
Force OTP to be used
This can be done for all users by editing the base-otp.properties
file and setting the
require-otp
setting. See the installation instructions for more information.
This can also be done per user account:
- Go to the Administrate->Users list, locate the user and and open the edit dialog.
- Switch to the OTP tab, and enabled the Require OTP option.
- Save.
Notes
- If OTP has already been configured for a user, the user must use OTP so the Require OTP setting is not visible or needed in this case.