TOTP

Time-Based One-Time Password (TOTP) is a widely used multi-factor authentication (MFA) method. TOTP is a time-sensitive code generated on the user's mobile device or an authenticator application.

How TOTP authentication works

TOTP authentication consists of these steps:

  1. The user opens the authenticator application and retrieves the latest code. The code is unique, generated using the combination of these elements:
    • The current Unix timestamp.
    • The secret key unique for each user.

      The secret key is generated for each user during the initial MFA setup. This key is shared between the authentication system (Infor MFA Service) and the authenticator application.

      The secret key is typically encoded in a QR code.

    The code is refreshed periodically, every 30 to 60 seconds.

  2. The user specifies the code on the MFA page. Simultaneously, the Infor MFA Service independently calculates the expected TOTP using the same logic.
  3. The code specified by the user and the code calculated by the Infor MFA Service are compared. If they match, the user is signed in to Infor OS Portal.
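
The steps above as an added example (this is not Infor's code). It assumes the RFC 6238 defaults of HMAC-SHA-1, 6 digits and a 30-second step, and a Base32-encoded secret as authenticator QR codes commonly carry. The sample secret is the RFC 6238 test key, and `window` is a hypothetical clock-drift tolerance that goes beyond the exact-match comparison described on this page.

```python
import base64
import hashlib
import hmac
import struct
import time

# Assumptions (not stated on the page): HMAC-SHA-1, 6 digits, 30 s step.
STEP = 30
DIGITS = 6
# Constructed sample: Base32 of the RFC 6238 test key b"12345678901234567890".
SAMPLE_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_secret(b32: str) -> bytes:
    """Decode the shared secret as it would appear in an enrollment QR code."""
    cleaned = b32.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def totp(secret: bytes, unix_time: float) -> str:
    """Step 1: derive the code from the secret key and the Unix timestamp."""
    counter = int(unix_time) // STEP                 # elapsed time steps
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret: bytes, submitted: str, unix_time=None, window: int = 0) -> bool:
    """Steps 2-3: the server computes the expected code itself and compares.

    window=0 is the exact match the page describes; window=1 also accepts
    the previous and next step (hypothetical tolerance for clock drift).
    """
    if len(submitted) != DIGITS or not (submitted.isascii() and submitted.isdigit()):
        return False
    now = time.time() if unix_time is None else unix_time
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret, now + drift * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


if __name__ == "__main__":
    key = decode_secret(SAMPLE_SECRET_B32)
    print(totp(key, 59), verify(key, totp(key, 59), unix_time=59))
```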

Admin configuration

To enable TOTP as an MFA provider, select Security Administration > Settings > General Settings > MFA Configuration.

After you enable TOTP as an MFA option, no additional administrator configuration is required. After activation, users are prompted during their next sign-in to register their device for TOTP. This registration process ensures that each user's device is securely linked to the user's account and enables the generation of TOTP codes for future sign-ins.