TOTP 1.2.3

Enhance the access security of your JPlatform site with a strong two-factor authentication based on TOTP (Time based One Time Password).

When to use this plugin?

Do some of your staff require a more secured access to your Digital Workplace? With the TOTP plugin, you can activate two-step authentication for a target population: for these users, the authentication verifies that they possess the mobile phone they have previously configured to access the site.

What does this plugin do?

The TOTP module enables a strong two-factor authentication: this requires users to enter, in addition to tehri usual password, a Time based One Time Password (TOTP). This password is generated by a two-step authentication application that users will have previously installed on their mobile phone.

For users whose authentication is configured as two-factor with this plugin:

• At their first login, they will need to scan a QR code with a two-step authentication application (Google Authenticator, Microsoft Authenticator, Lastpass Authenticator, etc.)
• They will have to fill in the generated TOTP in order to validate their phone
• To authenticate themselves, they will now also have to enter the TOTP generated by the two-step authentication application
• Once authenticated, they can choose to declare the device they are using as a trusted device: the TOTP code is then no longer required for this device for the duration of the trusted device's validity.

The plugin also provides an easy administration tool to configure :

• the ability to use recovery keys
• which groups require a strong two-factor authentication
• which groups do not require a strong two-factor authentication
• if two-factor strong authentication is required for administrators
• the validity period of trusted devices

The administrator can also reset a user's TOTP when the user no longer has access to it and is unable to authenticate.

What our customers like about it

Compatibility with multiple authentication applications

This solution is compatible with all authentication applications following the RFC-6238, including many free, proprietary or open source applications to be installed on mobile, iOS or Android. Our users can therefore choose to install the application that suits them best on their own phone.

Ease of implementation

The security policy defined by our ISSM indicated that all accesses with advanced write privileges, technical and functional administrators, be subject to strong two-factor authentication. With the TOTP module, the configuration was quick and users were able to configure their TOTP very easily.