My webMethods Server 10.7 | My webMethods Server Webhelp | Administering My webMethods Server | My webMethods Administrator Functions | Managing My webMethods Configuration | My webMethods Server and Multi-Factor Authentication | Configuring Multi-Factor Authentication with Time-Based One-Time Passwords
 
Configuring Multi-Factor Authentication with Time-Based One-Time Passwords
Before you configure My webMethods Server to require two-factor authentication with a time-based one-time password (TOTP), you must configure an e-mail server. Users that access My webMethods with their credentials and a temporary password must have valid e-mail addresses, configured on their User Information page, and an authenticator application, configured for TOTP in My webMethods Server. Although you can register My webMethods Server with different one-time password services or authenticator applications, you can only have one active TOTP configuration at a time.
*To configure My webMethods Server for TOTP Authentication
1. Navigate to Applications > Administration > My webMethods > One-time passwords Administration.
2. On the One-time password configuration properties screen, configure the following:
*Name - Required. A unique name for the TOTP configuration.
*Service enabled - The default value is No. This service is disabled. Select Yes. This service is enabled. from the drop-down list to enable the TOTP service and require one-time password from My webMethods users at login.
*Time-step windows - The number of rolling windows to accept when validating the code. Determines the overall validity time for the one-time pass code. The default value is 3 (three time-step windows).
*One-time password role name - The name of the role to use when registering users for TOTP authentication. The default value is TOTPSinkRole. My webMethods Server automatically adds users to this role when they generate their shared secret from the User Information page for their profile.
*One-time password service name - The display name of the one-time password service provider or authenticator application.
*Save the configuration.
After you configure TOTP, each My webMethods user must generate a shared secret from the User Information page for the user profile, and register with the one-time password service or authenticator application. For more information about generating a shared secret, see Working with My webMethods.