Configuring Time-Based One-Time Passwords

Time-based one-time password (TOTP) is a form of two-factor authentication to ensure the security of your Fortra Application Hub users. To enable TOTP with your Fortra Application Hub, IBM i, or LDAP authentication, complete the following steps:

Admin User

1. In the Core Menu, click Security. Then click Providers.

2. On the Providers tab, click Add Provider.

3. Click in the authentication method field and select HelpSystems One, IBM i, or LDAP.

4. Toggle Time-Based One-Time Passwords to On.

5. Enter the name to be shown in the authenticator app to identify Fortra Application Hub. This field is only used if Time-Based One-Time passwords is toggled On.

   

6. Finish filling out the rest of the authentication.

7. Click Save.

8. Add users who will be using Fortra Application Hub.

Users

The first time you log in:

1. Navigate to Fortra Application Hub and enter your username and password. Click Log In.

   

2. The following screen will appear:

   

3. Install an authenticator application, such as Google Authenticator, onto your smartphone.

4. In the authenticator app, select to register a new connection. There are often two ways of adding a connection: a QR code, or a setup key/code.

5. Scan the QR code from Fortra Application Hub to register Fortra Application Hub in your authenticator app.

   or

   Select Show Code on the Fortra Application Hub screen and enter the code into your authenticator app.

6. An entry will be made in your authenticator app for Fortra Application Hub with a code that changes frequently.

7. Enter the code from your authenticator app into Fortra Application Hub.

Logging in after initial setup:

1. Navigate to Fortra Application Hub and enter your username and password. Click Log In.

   

2. Open the authenticator app on your smartphone.

3. Enter the code from your app into Fortra Application Hub.

   

If Fortra Application Hub is Installed on the IBM i

The time on the IBM i must be precisely correct and match the time on the smartphone with the authenticator app.

Two Ways to Check the time on the IBM i

• Run the command WRKACTJOB. The time is displayed at the top of the screen.

• Run the command DSPSYSVAL QTIME.

To Change the Time on the IBM i

1. Run the command WRKSYSVAL QTIME.

2. Take option 2 to change it to current time.

Reset Time-Based One-Time Password

There may be circumstances where a user needs their time-based one-time password reset. This would be necessary if a user loses their phone or deletes their authenticator app. Only a user who is authorized to User Security will be able to change the password.

To reset the password complete the following steps:

1. In the Core Menu, click Security. Then click Users.

2. Click Show Actions next to the user and click Reset Time-Based One-Time Password.

3. The next time the user logs in, they will have to follow the steps above under The first time you log in.