title | description | summary | date | draft | images | weight | toc | aliases | seo |
---|---|---|---|---|---|---|---|---|---|
One Time Password | Authelia utilizes Time-based One-Time Passwords as one of its second factor authentication methods. | Authelia utilizes Time-based One-Time Passwords as one of its second factor authentication methods. | 2022-06-15T17:51:47+10:00 | false | | 230 | true | | |
Authelia supports Time-based One-Time Passwords generated by apps like Google Authenticator.
{{< figure src="2FA-TOTP.png" caption="An example of the Time-based One-Time Password authentication view" alt="Second Factor OTP Authentication View" width=300 >}}
After having successfully completed the first factor, select the One-Time Password method option and click on the Register device link. This will send you an e-mail to confirm your identity.
NOTE: If you're testing Authelia, this e-mail has likely been sent to the mailbox available at https://mail.example.com:8080/
Once this validation step is completed, a QR Code gets displayed.
{{< figure src="REGISTER-TOTP.png" caption="An example of the Time-based One-Time Password registration view" alt="Second Factor OTP Registration View" width=400 >}}
You can then use Google Authenticator or an authenticator of your choice to scan the code in order to register your device.
{{< figure src="google-authenticator.png" caption="The Google Authenticator application" alt="Second Factor OTP Registration View" width=150 >}}
From now on, you get tokens generated every 30 seconds that you can use to validate the second factor in Authelia.
Limitations
Users can currently enroll only a single TOTP device in Authelia. This is standard practice, as a user can obviously register a second device with the same QR Code. As there is no tangible benefit and it is harder to keep track of multiple devices, it's not a feature we will implement.