8.7 Configuring One-Time Password

The one-time password (OTP) feature enables users to create a secret when they enroll their mobile devices. You can also enable OTP so that users can use it to reset their password during the forgotten password process. You can enable OTP through a mobile application for authentication. To use this feature, you need a mobile application that has an RFC 6238 generator, for example, Google Authenticator or OTP Authenticator.

To use the OTP feature, the Verification Methods setting must be set to Required, and users must enroll their mobile devices when they log in.

NOTE: You must ensure that the time (in seconds) on the LDAP server, the Self Service Password Reset server, and the mobile device is synchronized, because the 6-digit TOTP is valid for only 30 seconds. A time difference of 5 seconds is acceptable.
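The following added example (not part of the product documentation or the product's code) computes an RFC 6238 code and shows why clock synchronization matters: the code depends only on the index of the current 30-second step, so a skewed device disagrees with the server whenever the skew pushes it into a different step. It assumes HMAC-SHA1 (the RFC default) and a verifier that accepts only the current step, since the page does not say how Self Service Password Reset handles drift; the function names and the sample secret are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds one code stays valid (from the note above)
DIGITS = 6   # code length (from the note above)

# Constructed sample secret: the RFC 6238 test key, Base32-encoded the way
# authenticator apps expect enrollment secrets.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32: str, unix_time: float) -> str:
    """RFC 6238 TOTP using HMAC-SHA1 (assumed: the RFC's default algorithm)."""
    key = base64.b32decode(secret_b32.upper())
    counter = int(unix_time) // STEP  # index of the current 30-second step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def skew_breaks_code(secret_b32: str, server_time: float, skew: float) -> bool:
    """True if a device whose clock is off by `skew` seconds displays a code
    that differs from the one the server computes at `server_time`."""
    return totp(secret_b32, server_time) != totp(secret_b32, server_time + skew)


def mismatch_seconds(secret_b32: str, step_start: int, skew: int) -> int:
    """Seconds within the step beginning at `step_start` during which the
    skewed device and the server disagree (strict current-step check)."""
    return sum(skew_breaks_code(secret_b32, step_start + s, skew)
               for s in range(STEP))


if __name__ == "__main__":
    start = 1111111080  # start of a 30-second step covered by RFC test vectors
    print("code at t=1111111109:", totp(SAMPLE_SECRET, 1111111109))
    for skew in (0, 5, 15, 30):
        bad = mismatch_seconds(SAMPLE_SECRET, start, skew)
        print(f"device ahead by {skew:2d}s -> mismatch for {bad}/{STEP}s of the step")
```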

You can choose to include challenge response or OTP in the forgotten password process by using the Verification Methods settings under Forgotten Password Profiles. For more information about Forgotten Password Profiles, see Configuring the Forgotten Password Module.

To configure one-time password:

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor.

  4. Click Settings > One Time Password.

  5. Use the help to configure the one-time password settings for your users.

  6. In the toolbar, click Save changes.