Time-based one-time password (TOTP) is a two-factor authentication (2FA) method that uses third-party authentication apps such as Google Authenticator, Microsoft Authenticator, and Authy for added web client login security. This section describes how to integrate and use TOTP with Q360.
2FA is a kind of multi-factor authentication (MFA), requiring two different methods of accessing a website or application. MFA can imply two or more methods of authentication, depending on the security requirements outlined by the system administrator.
Administrators
- Q360 version 21.01 or later is required
- Make sure that Director is configured. For more information, see the topic Director Setup.
- In the Maintenance > Q360 API Settings form, Two Factor Auth tab:
  - Check the Enable TOTP 2FA box
  - Set the option TFA for Internal Users to ON if you want this enabled for internal users
  - Set the option TFA for External Users to ON if you want this enabled for external users
- In the User ID form for each user requiring TOTP authentication, check the Require Two Factor Authentication box
End users
To set up TOTP on a device, complete the following steps:
- Download an authentication app that is recommended by your administrator.
- From the web client main menu, go to the logged-in user name and select Sync Authenticator App (e.g. John Smith > Sync Authenticator App). This opens the User Preference form, Authenticator tab, and displays a QR code. Leave this window open.
- From the authenticator app, select the option to scan a QR code. The steps for this may vary, depending on the app you are using.
- Scan the code from the device and add the account. The app then displays a unique and continuously changing number, which you enter in the web client login screen.
To log in to the web client using an authenticator app code, complete the following steps:
- Log in to the web client with your user name and password, and click the Submit button.
- In the next login screen, select the User Authenticator app option and, in the Two Factor Authorization Code field, enter the authentication code that currently displays in the app. Be sure to exclude any spaces when entering the number.
- Click the Submit button.
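The following added example (not Q360 code) shows where the continuously changing number comes from and why an entry with spaces, or one typed too late, is rejected: it computes a TOTP code per RFC 6238 and checks it on a strict verifier. The 30-second step, 6 digits, SHA-1, the one-step tolerance window, the sample secret and the names `totp` and `verify` are assumptions for illustration, not values taken from Q360.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid (RFC 6238 default; assumed, not a Q360 value)
DIGITS = 6   # code length (assumed)
# Constructed sample secret: the RFC 6238 test key, Base32-encoded as a QR code typically carries it.
SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32: str, unix_time: int) -> str:
    """Return the code an authenticator app would display at unix_time."""
    key = base64.b32decode(secret_b32)
    counter = struct.pack(">Q", unix_time // STEP)        # number of elapsed time steps
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, entered: str, unix_time: int, window: int = 1) -> bool:
    """Check entered against the current step and `window` steps either side."""
    if len(entered) != DIGITS or not (entered.isascii() and entered.isdigit()):
        return False                                      # spaces or letters never match
    ok = False
    for drift in range(-window, window + 1):
        t = unix_time + drift * STEP
        if t >= 0:
            # Constant-time comparison avoids leaking how many digits matched.
            ok |= hmac.compare_digest(totp(secret_b32, t), entered)
    return ok


if __name__ == "__main__":
    now = 59  # constructed timestamp from the RFC 6238 test vectors
    print("app shows:           ", totp(SECRET, now))
    print("typed without spaces:", verify(SECRET, "287082", now))
    print("typed with a space:  ", verify(SECRET, "287 082", now))
    print("typed 90 s later:    ", verify(SECRET, "287082", now + 90))
```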