1.14 TOTP

TOTP is a time-based one-time password. This method uses a predefined time step, 30 seconds by default, so a new one-time password is generated every 30 seconds.

To enroll the TOTP authenticator, follow the recommendations of your system administrator.

The TOTP method supports the following types of usage:

  • Advanced Authentication smartphone app (Apple iOS app, Google Android app).

  • Google Authenticator app.

  • OATH TOTP compliant hardware token.

  • OATH TOTP compliant software token.

WARNING: The formats of the QR codes for the Advanced Authentication and Google Authenticator apps are different. Contact your system administrator to find out which app you must use.

To enroll a TOTP authenticator, perform the following steps:

  1. Click the TOTP icon.

    Then perform the following tasks based on the required preferences:

    A. Using Advanced Authentication smartphone app

  2. Specify a comment in Comment. For example, my iPhone.

  3. Select the required category from Category.

  4. Move the cursor out of the QR code and open the Advanced Authentication smartphone app.

  5. Tap Offline authentication in the app.

  6. Tap + to add a new authenticator in the app.

  7. Use the camera of your smartphone to scan the QR code.

  8. Click Save.

    A message Authenticator "TOTP" added is displayed.

  9. Specify your username and an optional comment in the smartphone app.

  10. Save the authenticator on your smartphone.

HINT: If you are not able to scan the QR code with the Advanced Authentication app, do the following:

  1. Zoom the page to 125-150% and scan the enlarged QR code.

  2. Ensure that nothing overlaps the QR code (mouse cursor, text).

  3. Try to scan the QR code using the Google Authenticator app.

If you are unable to scan the QR code, contact your system administrator.

B. Using Google Authenticator app

  1. Specify a comment in Comment. For example, my iPhone.

  2. Select the required category from Category.

  3. Move the cursor out of the QR code and open the Google Authenticator app.

  4. Tap BEGIN SETUP in the app.

  5. Tap Scan barcode to add a new authenticator in the app.

  6. Use the camera of your smartphone to scan the QR code.

  7. Click Save.

    A message Authenticator "TOTP" added is displayed.

HINT: If the error Invalid barcode is displayed, the QR code might be compatible with the Advanced Authentication app.

C. Using OATH TOTP compliant hardware token

  1. Specify a comment in Comment. For example, HID token.

  2. Select the required category from Category.

  3. Specify your token's serial number in OATH Token Serial. The token’s serial number is displayed on the back of your token.

  4. Press the token's button and specify the OTP in OTP.

  5. Click Save.

    A message Authenticator "TOTP" added is displayed.

D. Using OATH TOTP compliant software token

  1. Specify a comment in Comment. For example, A phone app.

  2. Select the required category from Category.

  3. Specify the Enter TOTP secret manually.

  4. Specify the 40 hexadecimal characters in Secret.

  5. Select the Google Authenticator format of secret (Base32) option if you are using the Google Authenticator app.

  6. Change the value of Period value if required (30 seconds by default).

  7. Click Save.

    A message Authenticator "TOTP" added is displayed.
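The relationship between the 40-character hexadecimal secret, its Base32 form, and the period setting in option D can be checked offline with the sketch below. It is an added example, not part of the product or its documentation. It assumes the RFC 6238 defaults (HMAC-SHA1, 6 digits); the function names are hypothetical and the sample secret is the published RFC test key, not a real one.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: the RFC 6238 test key "12345678901234567890" as 40 hex characters.
SAMPLE_SECRET_HEX = "3132333435363738393031323334353637383930"


def parse_hex_secret(secret_hex):
    """Validate a 40-hex-character secret and return its 20 raw bytes."""
    cleaned = secret_hex.strip()
    if len(cleaned) != 40:
        raise ValueError("secret must be exactly 40 hexadecimal characters")
    return bytes.fromhex(cleaned)  # raises ValueError on non-hex input


def hex_to_base32(secret_hex):
    """Same key in Base32, the form Google Authenticator uses."""
    return base64.b32encode(parse_hex_secret(secret_hex)).decode("ascii")


def base32_to_hex(secret_b32):
    """Reverse conversion, tolerating lowercase and spaces as apps display them."""
    raw = base64.b32decode(secret_b32.replace(" ", "").upper())
    return raw.hex()


def totp(secret_hex, unix_time, period=30, digits=6):
    """One-time password for the time step that contains unix_time."""
    key = parse_hex_secret(secret_hex)
    counter = int(unix_time) // period          # number of elapsed time steps
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                     # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    print("Base32 secret:", hex_to_base32(SAMPLE_SECRET_HEX))
    for t in (30, 59, 60):
        print(f"t={t:>2}s period=30 ->", totp(SAMPLE_SECRET_HEX, t))
    # A token and server configured with different periods disagree at the same instant.
    print("t=59s period=60 ->", totp(SAMPLE_SECRET_HEX, 59, period=60))
```

Both the token and the server must use the same secret bytes and the same period, otherwise the codes never match even when the clocks agree.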

To test the enrolled authenticator, perform the following steps:

  1. Click the TOTP icon in the Enrolled methods section.

  2. Click Test.

    Then perform the following tasks based on the required preferences:

    A. Using Advanced Authentication smartphone app

  3. Open the NetIQ Auth app.

  4. Open the Enrolled Authenticators section to view Time Based One-Time Password.

  5. Specify the TOTP in Password.

  6. Click Next.

    B. Using Google Authenticator app

  7. Open the Google Authenticator app.

  8. Specify the One-time password in Password.

  9. Click Next.

    C. Using OATH TOTP compliant hardware token

  10. Specify the One-time password shown on your hardware token in Password.

  11. Click Next.

    D. Using OATH TOTP compliant software token

  12. Specify the One-time password shown on your software token in Password.

  13. Click Next.