TOTP Authentication

If you would like your users to utilize Google Authenticator or any similar application with their OnApp account to enhance security, you may enable TOTP authentication for two-factor authentication (2FA).

The admin user with the Update Settings or Any Action on Settings permission enabled can enable or disable TOTP authentication for the cloud. If TOTP is enabled in the cloud settings, the TOTP Authenticator slider is displayed at the User Profile page, and users can enable this feature for their accounts. If TOTP authentication is disabled for the entire cloud, the corresponding slider at the User Profile page will not be displayed. If a user has TOTP 2FA enabled, after entering login and password, one-time password must be entered too to log in successfully.

An OnApp user will be able to enable TOTP two-factor authentication from the User Profile if TOTP is enabled for the entire cloud in settings. TOTP authentication can be enabled for users only by themselves, other users cannot enable it for them. 

  • There is a limitation of one two-factor authentication method per user.  However, a cloud admin can enable multiple two-factor authentication methods on the same cloud to be available for the end-users.
  • Once the TOTP authentication is enabled successfully for a specific user, the Yubikey switch on User Profile page becomes disabled.

Enable TOTP Authentication



To enable TOTP Authentication for the cloud:

  1. Go to your Control Panel > Admin > Settings > Configuration > System tab.
  2. Move the TOTP Login slider to the right.
  3. Confirm the enablement.

Once TOTP is enabled for the cloud, users will be able to enable TOTP Authentication for themselves by using the following instructions:

  1. Go to your Control Panel > User Profile.
  2. In the 2-factor authentication section, move the TOTP Authenticator slider to the right.  
  3. In the pop-up window that appears, scan the QR code with your mobile application (Google Authenticator or any other TOTP authentication app that complies with the RFC6238). 

    The QR code will be regenerated every time you open the facebox.

  4. Enter the generated one-time password to validate that the application works properly.
  5. If the password is correct, the TOTP Authentication will become enabled for the user account.

Once the two-factor TOTP Authentication is enabled, during the next login attempt the user will see a form for a one-time password after entering the login and password. If the one-time password is correct, the user will be logged in.











Disable TOTP Authentication


Disable TOTP for cloud

To disable TOTP authentication for the entire cloud, go to your Control Panel > Admin > Settings > Configuration > System tab and move the TOTP login slider to the left.

Disable TOTP for user

Users can disable TOTP authentication for themselves by using the following instructions:

  1. Go to your Control Panel > User Profile.
  2. In the 2-factor authentication section, move the TOTP Authenticator slider to the left.  
  3. In the pop-up window that appears, scan the QR code with your mobile application.

  4. Enter the generated one-time password to validate that the application works properly.
  5. If the password is correct, the TOTP Authentication will become disabled for the user account.

User with the Disable TOTP authentication permission enabled can disable TOTP for any user without entering one-time password.