Using TOTP as a MFA Token
A user who has configured TOTP or Smartcard authentication can use either option upon request. when an MFA prompt appears, a user can use their smartcard at the screen the left or click, "Use authenticator app" to use TOTP.
|The prompt will change and ask the user to enter the current code for their TOTP pair.|
Setup Smartcard Support for Card Readers and Cards
- Download and install OpenSC, an open source utility for cards and card readers.
- Launch the PK Protect agent and login. The user will receive a prompt requiring the smartcard to be entered.
- Once Smartcard is present, the PIN code for the Smartcard will be required
- The PK Protect Icon in the System Tray will update when the card was accepted and remains plugged in
Manage and Setup Support for TOTP
To add a TOTP authenticator, click the system tray and select My Account
From the My Account Screen, click the link to Manage MFA
The end user's machine will open a web browser and open the PK Protect Multi-Factor Authenticators page. This is the application where a user can "manage" the pairs they have for their account. End users can delete existing pairs (if they are lost or compromised) or add new pairs (like a new authentication device). Click, "Add TOTP Authenticator" to move to the next step.
|The user will need to use an Authenticator App (like Google Authenticator) to either take a picture of the QR Code or enter in the secret. To successfully add a pair, the user needs to define an arbitrary name and the correct code for the present time associated with the secret.|