Multi-Factor Authentication using TOTP

Introduction

Multi-factor authentication (MFA) is a critical security best practice that adds an extra layer of protection to your Joget account: in addition to your regular login credentials, you must supply an authentication code, typically generated on a trusted device. Even if your password is compromised, the password alone is not enough to gain access.

Joget implements MFA using the Time-based One-Time Password (TOTP) algorithm, a widely adopted and secure method. TOTP generates a short, time-sensitive code from a secret shared between the app and the server; the code changes every time step, making it a robust way to strengthen account security. This method has been standardized by the Internet Engineering Task Force (RFC 6238).

How does it work?

To implement MFA using TOTP in Joget, follow these steps:

Configuring MFA in the Security Enhanced Directory Manager

  1. As an administrator, go to Joget Settings > Directory Manager.
  2. Choose the Security Enhanced Directory Manager and select Time-based One-Time Password (TOTP) Authenticator for the Multi-Factor Authenticator property.
  3. Once enabled, users can activate MFA in their profile settings.

Activating MFA as a user

  1. Users must download a TOTP-compatible mobile app, such as Google Authenticator or Microsoft Authenticator.
  2. In your Joget profile, locate the TOTP Authenticator option and click Activate.
  3. A dialog will appear with a secret key and a barcode.
  4. Use your TOTP app to scan the barcode or manually enter the secret key. The app will create a new entry for your Joget login.
    Save the secret key in a secure location in case you need to reactivate your account, e.g., in case your device is lost.
  5. Enter the TOTP code generated by your app into the Password field on Joget and click Submit. If the code is valid, MFA will be activated.

Deactivating MFA

  1. Users can disable MFA from their profile by clicking Deactivate.
  2. Administrators can also disable MFA for specific users by going to Setup Users and selecting Deactivate MFA for the user.

Created by Julieth. Last modified by Aadrian on Dec 13, 2024.