User sets TOTP key
The administrator informs the user that they must set their TOTP key. Users must set their own TOTP key; the administrator cannot set it for them.
Commands or IBM Navigator for i can be used to set your TOTP key.
Using commands:
- Use the Change TOTP key (CHGTOTPKEY) command. A key can be generated or specified. The key is saved in your user profile and displayed on the screen.
- The recovery key, generated by the CHGTOTPKEY command, is displayed on the screen and must be copied and stored in a safe place.
- Enter the TOTP key into a client authenticator application.
- Check that the TOTP value generated by the client authenticator application verifies successfully by using the Check TOTP (CHKTOTP) command. Pressing F9=Check TOTP on the CHGTOTPKEY display prompts for the CHKTOTP command.
Using IBM Navigator for i:
- In IBM Navigator for i:
  - If you do not have access to QIBM_NAV_ALL_FUNCTION function ID, the Manage My MFA Key panel is displayed after signing on.
  - If you do have access to QIBM_NAV_ALL_FUNCTION function ID, expand .
- On the Manage my MFA Key panel, select Generate and save a MFA key and recovery key for this user profile. Click Next.
- On the Validate MFA Key and Save Recovery Key panel, using your client authenticator application, scan the QR code. Or you can manually enter the value in the Saved MFA key field (this is the TOTP key) into your client authenticator application.
- Validate the MFA key by entering your password and the MFA Code (TOTP value) the client application generates. Click Validate.
- Save the recovery key in a safe place.
Inform the administrator your TOTP key is set.
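
What a client authenticator application derives from the TOTP key, and the kind of comparison a check step performs on the value you enter, shown as an added example (not IBM code and not part of the original page). It assumes the RFC 6238 defaults (HMAC-SHA-1, 30-second step, 6 digits), a base32-encoded key and a one-step clock tolerance, none of which this page states; the key is the published RFC 6238 test key, and all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: the published RFC 6238 SHA-1 test key, base32-encoded.
# Never paste a real TOTP key into a script or shared file.
SAMPLE_KEY_B32 = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"


def decode_key(text: str) -> bytes:
    """Decode a key as typed into an authenticator (base32 is assumed)."""
    cleaned = text.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore stripped padding
    return base64.b32decode(cleaned)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 value: HOTP (RFC 4226) over the current time-step counter."""
    counter = unix_time // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def check_totp(key: bytes, candidate: str, unix_time: int,
               window: int = 1, step: int = 30):
    """Return the matching step offset (0 = current step) or None.

    A small window tolerates clock skew between the authenticator device
    and the verifier; the comparison is constant-time.
    """
    for drift in range(-window, window + 1):
        t = unix_time + drift * step
        if t >= 0 and hmac.compare_digest(totp(key, t, step), candidate):
            return drift
    return None


if __name__ == "__main__":
    import time
    key = decode_key(SAMPLE_KEY_B32)
    now = int(time.time())
    code = totp(key, now)
    print("current value:", code, "offset:", check_totp(key, code, now))
```

The value depends only on the key and the clock, so a validation failure right after setup usually means the key was mistyped or the device clock is off by more than the tolerated window.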