One-time password
For one-time password (OTP) authentication, the user's application obtains an OTP directly from the portal. For example, after initializing a mobile authentication request (without specifying the user), the web portal displays a QR code that the user can scan using their app. The OTP is then used to link the user's unauthenticated session on the portal to the authenticated session in the app.
The user must have installed a mobile app with the Mobile SDK to use mobile authentication via OTP. After the user installs the app, they must enroll their app for mobile authentication. The website initiates the mobile authentication at the OneWelcome Identity Platform, which returns a (long) code. A common process is to include this code in a QR code that the user can scan with their mobile device. When the user is already on their mobile device, you can create a link that opens the mobile app. The mobile app then sends the code to the OneWelcome Identity Platform, which notifies the website about the result.
Configure mobile authentication enrollment rules
Go to the General subsection in the General mobile config section to configure the mobile authentication enrollment. Enrollment enabled must be checked for OTP authentication.
PGP encryption keys are used to enroll devices so that they can use mobile authentication with push.
When the Unique PGP keys per enrollment enabled option in the General subsection of the admin panel is enabled, a new PGP key pair is generated for every user enrollment. For better performance, do not enable this option.
Mobile authentication type configuration
Go to Configuration → Mobile authentication → Mobile authentication types.
The following fields are required:
- Name: This is used to identify the type when calling the mobile authentication API.
- Authentication method: OTP
- Request expires in: This is the time the user gets to complete the authentication via OTP.
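
The flow described in the introduction (the portal obtains a code, the enrolled app submits it, the platform reports the result) and the effect of the Request expires in setting can be modelled as a small state machine. This is an added illustration, not OneWelcome code or its API: the OtpBroker class, its method names, and the 120-second default are assumptions made for the example.

```python
import hashlib
import secrets
import time


def _digest(otp: str) -> str:
    # Only a hash of the code is stored, so a dump of the pending table
    # does not reveal codes that are still redeemable.
    return hashlib.sha256(otp.encode()).hexdigest()


class OtpBroker:
    """Toy model of the platform side of OTP session linking (hypothetical)."""

    def __init__(self, expires_in=120.0, clock=time.monotonic):
        self.expires_in = expires_in   # models the "Request expires in" field
        self._clock = clock
        self._pending = {}             # sha256(otp) -> (request_id, deadline)
        self._results = {}             # request_id -> user who completed it

    def initiate(self):
        """Portal starts a request without naming a user; otp goes into the QR code."""
        request_id = secrets.token_urlsafe(16)
        otp = secrets.token_urlsafe(32)   # long, unguessable code
        self._pending[_digest(otp)] = (request_id, self._clock() + self.expires_in)
        return request_id, otp

    def redeem(self, otp, app_user):
        """Enrolled app submits the scanned code from its authenticated session."""
        entry = self._pending.pop(_digest(otp), None)   # pop: a code works at most once
        if entry is None:
            return False                                # unknown or already used
        request_id, deadline = entry
        if self._clock() > deadline:
            return False                                # expired: stays unlinked
        self._results[request_id] = app_user            # link user to portal session
        return True

    def result(self, request_id):
        """Portal learns which user, if any, completed the request."""
        return self._results.get(request_id)
```

The portal only ever learns the user through result(), keyed by the request it created itself, so a replayed or expired code cannot rebind an already linked session.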