OATH OTP configuration in the JSP-Loginapp

The demo configuration template for Airlock IAM already contains pre-configured settings for OATH OTP:

  • 2nd factor in Main Authenticator
  • Management in Adminapp
  • Task to generate QR code letters

The show-case configuration defaults to time-based OTP with a window size of 1 (+/- 30 seconds).
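The following is an added example, not Airlock IAM code: a minimal RFC 6238 verifier showing what a window size of 1 means in practice. It assumes that "window size 1" means one 30-second step on either side of the current one (as the "+/- 30 seconds" above suggests), 6-digit codes and HMAC-SHA1; the seed is the public RFC 6238 test seed and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds per time step (RFC 6238 default)
DIGITS = 6    # assumed code length; not stated on this page
RFC_SEED = b"12345678901234567890"  # RFC 6238 test seed, not a real secret


def hotp(seed: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(seed: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the clock."""
    return hotp(seed, int(unix_time) // STEP, digits)


def verify(seed: bytes, code: str, unix_time: int, window: int = 1):
    """Return the matching step offset in [-window, +window], or None.

    Every candidate step is checked (no early exit) and compared in
    constant time, so the result does not leak through timing.
    """
    current = int(unix_time) // STEP
    matched = None
    for offset in range(-window, window + 1):
        if current + offset < 0:
            continue
        expected = hotp(seed, current + offset).encode()
        if hmac.compare_digest(expected, code.encode()):
            matched = offset
    return matched


if __name__ == "__main__":
    # Constructed scenario: the token shows its code at t=1111111109,
    # the server checks it two seconds later, in the next time step.
    code = totp(RFC_SEED, 1111111109)
    print("code:", code)
    print("window=1:", verify(RFC_SEED, code, 1111111111, window=1))
    print("window=0:", verify(RFC_SEED, code, 1111111111, window=0))
    print("one step later:", verify(RFC_SEED, code, 1111111141, window=1))
```

RFC 6238 also requires that a verifier not accept the same OTP a second time after a successful validation, so the accepted time step has to be recorded per token; the sketch omits that state.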

Before creating the first OATH OTP token, make sure to choose a sensible passphrase for encryption of the seeds in the IAM database or directory.

Changing the passphrase after tokens have been created makes the existing tokens useless.


The features are configured as follows (for details about the configuration properties, please refer to the plugin's documentation in the ConfigEditor):

  • Main OATH OTP Settings (used by all other OATH OTP plugins): MAIN SETTINGS >> Authentication Settings >> OATH OTP Settings
  • Authentication: MAIN SETTINGS >> Main Authenticator: Use the OATH OTP Authenticator as the second step in the configured authenticator (typically the Main Authenticator plugin).
  • Administration: Adminapp >> Users >> Authentication Token (Credentials) >> Manage OATH OTP Tokens