Configure TOTP for users
TOTP (the IBM TouchToken for iOS factor) is available as an alternative to Generic TOTP. You configure TOTP for each user who is to authenticate with that method.
Before you begin
When a user enrolls a new TOTP account using the IBM® TouchToken for iOS application, sensitive enrollment data flows to the application running on the user's iOS device. HTTPS protects that data in transit, and the server's TLS configuration must satisfy the App Transport Security (ATS) policy that Apple iOS enforces. ATS requires at least TLS 1.2, cipher suites that provide forward secrecy, and a certificate chain signed with SHA-256 or stronger; a server that does not meet these requirements is rejected by the application before any enrollment data is sent.
The z/OS® Communications Server Application Transparent Transport Layer Security (AT-TLS) provides full transport layer security for all communication between the Apple device and IBM MFA. Because AT-TLS terminates TLS on behalf of the application, IBM MFA itself does not need to handle TLS details; the ATS requirements above are therefore met in the AT-TLS policy rather than in IBM MFA.
- Make sure that the user's Apple iOS device has network connectivity to the web services server.
- Instruct users to install the IBM TouchToken for iOS application on their iOS device.
- Instruct users to open the web services server start page, using either Mobile Safari on their iOS device or a desktop browser:
  https://hostname:6789/AZFTOTP1/start
  The page explains some basic information about TOTP to the user, and contains both a QR code and a link that launch the IBM TouchToken for iOS application on the user's device.
- Instruct the user to launch the IBM TouchToken for iOS application on the Apple device. Note that after the TOTP account is set up on the Apple device, the REGSTATE changes to PROVISIONED and the factor state changes to ACTIVE.
- Instruct the user to tap the new TOTP account. You might want to have the user rename this account to remove any system-specific information.
When prompted, the user must supply their Apple Touch ID fingerprint.
If the fingerprint is accepted, the current TOTP token code is displayed.
- The user then enters this token code to log on. Because the code is time-based, it is valid only for a short window and a fresh code must be generated for each logon.
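The account set up above produces a time-based one-time code on the device, and the server checks that code at logon. The following Python is an added example, not IBM's code and not the IBM TouchToken application's implementation: the application's actual parameters (hash, step length, digit count) are not stated on this page and are assumed here to be the RFC 6238 defaults of HMAC-SHA1, 30-second steps and 6 digits. It shows the token-side computation (RFC 4226 HOTP under an RFC 6238 time counter), a base32 seed of the kind an enrollment QR code typically carries, and a server-side verifier (the hypothetical `TotpVerifier`) that tolerates one step of clock drift and refuses a code that has already been consumed.

```python
"""RFC 6238 TOTP generation and server-side verification (added example, not IBM code)."""
import base64
import hashlib
import hmac
import secrets
import struct


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6,
         algorithm=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP over the time-step counter floor(T / step)."""
    return hotp(secret, int(unix_time) // step, digits, algorithm)


def new_enrollment_secret(length: int = 20) -> str:
    """Fresh random seed, base32-encoded (the form provisioning payloads such as QR codes carry)."""
    return base64.b32encode(secrets.token_bytes(length)).decode("ascii")


def decode_secret(b32: str) -> bytes:
    """Decode a base32 seed, tolerating lowercase, spaces and missing '=' padding."""
    s = b32.strip().replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


class TotpVerifier:
    """Hypothetical server-side check with clock-drift tolerance and replay rejection."""

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6,
                 window: int = 1, algorithm=hashlib.sha1):
        self.secret = secret
        self.step = step
        self.digits = digits
        self.window = window          # accept +/- this many steps of drift
        self.algorithm = algorithm
        self.last_counter = -1        # highest step already used; never accept it (or older) again

    def verify(self, code: str, unix_time: int) -> bool:
        code = code.strip().replace(" ", "")
        if len(code) != self.digits or not code.isdigit():
            return False
        now = int(unix_time) // self.step
        for candidate in range(now - self.window, now + self.window + 1):
            if candidate <= self.last_counter:
                continue              # consumed or older than a consumed step: treat as replay
            expected = hotp(self.secret, candidate, self.digits, self.algorithm)
            if hmac.compare_digest(expected, code):   # constant-time comparison
                self.last_counter = candidate
                return True
        return False


if __name__ == "__main__":
    import time
    seed = new_enrollment_secret()                 # what enrollment would hand to the device
    key = decode_secret(seed)
    now = int(time.time())
    code = totp(key, now)                          # what the device displays
    server = TotpVerifier(key)
    print("seed:", seed, "code:", code,
          "first use:", server.verify(code, now),   # accepted
          "replay:", server.verify(code, now))      # rejected
```

The verifier remembers only the highest accepted step, which is enough to stop a captured code from being replayed inside the drift window; a production deployment would also persist that counter per user and rate-limit failed attempts, since a 6-digit code with a 3-step window gives an online guesser roughly 3 in 10^6 odds per try.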