Users can click the enrollment link to enroll the TOTP authenticator automatically on the Desktop OTP tool and then follow the further steps described in Desktop OTP Tool. To generate an enrollment link, encode the server URL, tenant ID, and category name in Base64 format using any online tool. The generated link is then sent to users by email so that they can access the Desktop OTP tool and enroll the TOTP authenticator. Users can create an account on the tool to enroll the TOTP authenticator in the Self-Service portal.
To generate the enrollment link in the Base64 format, perform the following steps:
Specify the server URL, tenant ID, and category name in the following JSON format:
{"server_url":"<domain-name>","tenant_name":"<tenant-name>","category_name": "HOME"}
For example, {"server_url": "aafserver.company.com", "tenant_name":"netiq", "category_name": "HOME"}
You can specify the preferred category name for the category_name parameter if you have added categories in the Event Categories policy. If you have not added any category, you can remove the category_name parameter.
You can specify TOP for the tenant_name parameter if Multitenancy mode is disabled.
If you encounter further problems with the enrollment link, validate the syntax using Validating JSON Syntax in SLAnalyzer.
Encode the value, including the braces {}, to Base64 format (charset: UTF-8).
For example, the encoded link is displayed as:
eyJzZXJ2ZXJfdXJsIjogImFhZnNlcnZlci5jb21wYW55LmNvbSIsICJ0ZW5hbnRfbmFtZSI6Im5ldGlxIiwgImNhdGVnb3J5X25hbWUiOiAiSE9NRSJ9
Copy the encoded link for further use.
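The encoding steps above can also be done locally and checked before the link is sent. The following Python sketch is an added example, not part of the product or its documentation: it builds the JSON, encodes it as Base64 (UTF-8), and decodes a payload again to confirm that it is well-formed JSON with the expected keys. The function names and the rule that rejects quote characters inside values are assumptions of this example.

```python
import base64
import json

REQUIRED = {"server_url", "tenant_name"}
OPTIONAL = {"category_name"}
QUOTES = set('"\'\u201c\u201d\u2018\u2019')  # straight and typographic quotes


def build_enrollment_payload(server_url, tenant_name="TOP", category_name=None):
    """Return the Base64 (UTF-8) form of the enrollment JSON."""
    fields = {"server_url": server_url, "tenant_name": tenant_name}
    if category_name is not None:  # leave the key out when no categories exist
        fields["category_name"] = category_name
    for key, value in fields.items():
        # Example policy (assumption): a quote inside a value is a paste error.
        if not value.strip() or QUOTES & set(value):
            raise ValueError(f"bad value for {key}: {value!r}")
    text = json.dumps(fields)  # json.dumps always emits straight ASCII quotes
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def check_enrollment_payload(encoded):
    """Decode a payload and return its fields; raise ValueError if malformed."""
    try:
        fields = json.loads(base64.b64decode(encoded, validate=True).decode("utf-8"))
    except ValueError as exc:  # covers Base64, UTF-8 and JSON syntax errors
        raise ValueError(f"not Base64-encoded UTF-8 JSON: {exc}") from exc
    if not isinstance(fields, dict):
        raise ValueError("payload must be a JSON object")
    keys = set(fields)
    if not REQUIRED <= keys or not keys <= REQUIRED | OPTIONAL:
        raise ValueError(f"unexpected key set: {sorted(keys)}")
    if not all(isinstance(v, str) for v in fields.values()):
        raise ValueError("all values must be strings")
    return fields


if __name__ == "__main__":
    # Constructed sample values taken from the example on this page.
    payload = build_enrollment_payload("aafserver.company.com", "netiq", "HOME")
    print(payload)
    print(check_enrollment_payload(payload))
    # Constructed bad input: hand-typed JSON with a typographic closing quote.
    bad = '{"server_url": "aafserver.company.com", "tenant_name":"netiq\u201d}'
    try:
        check_enrollment_payload(base64.b64encode(bad.encode("utf-8")).decode())
    except ValueError as exc:
        print("rejected:", exc)
```

The check catches the common failure where a word processor or mail client replaces a straight quote with a typographic one, which still encodes to Base64 without error but no longer decodes to valid JSON.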